Analysis Overview
SHA256
2451db0018a6e32f383ad0860d24342e1941cd9520a40c40006fcd835f65ec1f
Threat Level: No (potentially) malicious behavior was detected
The file 9130a3346a4d05d5cf7e3c71bdf04aa0_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:53
Reported
2024-06-03 08:55
Platform
win7-20240508-en
Max time kernel
143s
Max time network
122s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000008697f047799c6135da3fb3214a27d7a2e89eaaf5bf3961e6c559cacb6c808d77000000000e8000000002000020000000e69b645631e0ab6eac3a21335edc22522e149e1483a611360612283e2b701e0e200000002c5aa6dfdf623fc28ac53e5f5aedca661c5a78a87b41d3909648deb0ca7a5a3040000000381f081e04e5d5be7a97bf5ffd65409b4e83adef5c759c471f3c413d0be2829c183ce543bfeba0b5b969483e5659f5cde5df2e26b14c43c286574d5e841431f5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000000d8b1e6189016e348a0239d9f54386de8bf51a31a7e67f0b9b699d98d1763edf000000000e80000000020000200000000ab2d092011b70d027d9e11950f68bb84dd1edcec595ec29685b2862fed27f3190000000944f81ac96ca45b13de5ff6aef33cb2b2e4a4517ecdd7860da020e45f74effdd8ac8d4a03303b75264092c0e2460d7abdbc177cc18c1b0368c25a70500fcb452bf07e97116e8402634b36a5b394ac424f85cd074158615b84109f406f556f4420e311c8f54d6932491a32922fa74cc6d50f6d6430b2ee4099903bbf483202922503b77b013b5ce85e20a46922d977db0400000008a35bfe5bb641e5c3d492496106f99949abc43c19bf4ec6d74fb05f46084d2fced904df17e0363a26e3195afa931fa97e7d3021b2d5a16321e1b26ffc9b54d19 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 507cbcce93b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B71FE5F1-2186-11EF-8C92-6A2211F10352} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566662" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1368 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1368 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1368 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1368 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9130a3346a4d05d5cf7e3c71bdf04aa0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | goi.clftx.cn | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2242.tmp
C:\Users\Admin\AppData\Local\Temp\Cab22C1.tmp
C:\Users\Admin\AppData\Local\Temp\Tar22D5.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:53
Reported
2024-06-03 08:55
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9130a3346a4d05d5cf7e3c71bdf04aa0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa80746f8,0x7fffa8074708,0x7fffa8074718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1373048790649235861,6489744835909488410,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,1373048790649235861,6489744835909488410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,1373048790649235861,6489744835909488410,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1373048790649235861,6489744835909488410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1373048790649235861,6489744835909488410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1373048790649235861,6489744835909488410,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | goi.clftx.cn | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 52.111.229.43:443 | N/A | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_660_OSYUINLMEXRBUQQH
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State