Analysis Overview
SHA256
02045e816bd8f2583e1e629f60d2414f6f600fd9c4823851d050ef44fff17511
Threat Level: No (potentially) malicious behavior was detected
The file 917852539181df56ae2dfc036b97eb72_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 10:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 10:37
Reported
2024-06-03 10:39
Platform
win7-20240508-en
Max time kernel
136s
Max time network
126s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000000b4355e449c708ca002bcbab7b914d682399a45e20b245110df3d2a28a40c550000000000e8000000002000020000000192ca446a5804771a5662ae18d43b090d1577de77a2e48f8711a18e534c006fd200000003dde3f7d8093b4d5e3b68e311f119040df927d7169c3c0473c0f28b894c893324000000055e4ae8e60a494472c6476445e52932ce29722fcf06bd2f058108c9faaadd5a2a5a31100df54a1989151b57767e256e1d92157a94ad48a8f1ce53bd66c4ba8ac | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3CB71591-2195-11EF-AE65-4658C477BD5D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423572900" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 906b2550a2b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000357a28146961a698b88ebbe1cd6f8f16d49b0c68efee581d88d0924108a62522000000000e8000000002000020000000a845802a14b975d6581a4447f6661f7d97204898030476948cf857b51ecc441490000000db2fea457bfa0e6d3edc0d2c4b38e00a3ce8855350ab241c8aafbc1206376d9fd3e6965840f01c96e68dbf1d6acaab6fe6a971581d5e7c03f61329fd24d6fd3da84f0439a6567cf908367247be403425d243d6a793022f48a3d705a9b3f1447cdbc62983c38c331ec972cb356c9789825e0f1501c350af983bdebdc049e167789f3e22fffcb23cab2b983a011547120540000000f5874a8fdb0f342189e3a20f76dac0010cf0a7f11bab40e429508e2816197b2a43034e58222f8094890544310d36bd3e0788a97c5bbcce53a5fa389e5f06d9f6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1940 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1940 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1940 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1940 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\917852539181df56ae2dfc036b97eb72_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s19.cnzz.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 220.185.168.234:443 | s19.cnzz.com | tcp |
| CN | 220.185.168.234:443 | s19.cnzz.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 220.185.168.234:443 | s19.cnzz.com | tcp |
| CN | 220.185.168.234:443 | s19.cnzz.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2176.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar220B.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b61492427cf6e55c8238223b713e608 |
| SHA1 | a352f83536795d6f1a6514cf449b848f806c6682 |
| SHA256 | 1ece2587f51fd068cb538f9549386a36a54de08a5c5741716c5a363118955cab |
| SHA512 | 39f8d84eb2bd6c97a24cb576eb614bfd46ee7623de2bff43c7bdee5e25811770569f4c77416e7800a92cb30b6b85f4b3a0338423781138b01f1467cad57ccb80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b88b5150c0a85e2efab9723aaec78333 |
| SHA1 | 463f6defba8b95d3e5b566e2606642698754d315 |
| SHA256 | cec692035b00042f49be6d6aa2521b7c6f5cba5be85c3f9c2a7a564c4745fff4 |
| SHA512 | ea6e8f12996f35ab66514b443cfcf1f37ec8d0960c23c3e7aa01ced905e084f193aae7b3a5f7df1ea4f0ba9b2e3b06a977225009c8106caa024aa4024d9d6da8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e049186e83cfc254e0e2ee132f2ec528 |
| SHA1 | 2b958365b4329fb1caabc70b7ea755543cd20fe4 |
| SHA256 | 9dda77ace1c76956db5a7d69d337f18f5fa4ab27cfe862b4cada756842683e03 |
| SHA512 | 68203afe21606cd425a56b540bdb28a9c1baebf14b53e73bc82bac0cc1af0c665396efbc2ef56b4395948a445785e766547b65a109144baf14d9e87c252f0d26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9a295aefaa3105a0becb8a01a4574b8 |
| SHA1 | 0a4893a2e8f32aacb363fc8ea6c046872043ce40 |
| SHA256 | 70cc141e795af2f8573da397dcabca018c47eb702a93f829607aed33687a0aa1 |
| SHA512 | c0cbbb38c462b65ce0cdf94efb5437bab51313d9b163bd4f86e058a71ed7e4b569cd811e8d10f638c31770983dd823e07ed9bf94290debb246ffe33eddfd5c96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26b74416df35273623b2483ac7e28eee |
| SHA1 | d9d7aa294a5a066ec5693252ce0f021647608188 |
| SHA256 | a3a961435e72ecdc62177ba769a2a7360c44117a16783714a2c36e69e916272f |
| SHA512 | 364b61a65ed889c25b431769b3854e181d11e87806724ee55db5a6e934c38876f9161d70779078bcdd5339268a660af531f34f25d43a43ceb6376e16673311a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71b13e9cc0dcc925c98fea2bc07a8d40 |
| SHA1 | c82af9366bfe8a5f74c6aecec9e98249e4625401 |
| SHA256 | 83a0cbadfe6999426ff71e2a9934b510cb32dfb5914f9258bbfecff3994b78c4 |
| SHA512 | b98ff9b77c82cc2e246b4794bb4d803f545d10b3a3523692dbab7dc0bd7ac3df198f1faad8bfe49b6e4457ee52f46c303529f98be89df8428be79224349ee2e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa8acb82260d2b6903eeeadaa1f698a0 |
| SHA1 | 5a4742e690b9e0315b47591261b5baf7ff3cc3c9 |
| SHA256 | a28917880ff7534309b3d497ffff69b3d3d7f834cbccc9997b9934a84eb55e23 |
| SHA512 | 7e3ca92106c4c4e0cbb13fddd27528f4a7406308a20963c4fda3371c36b3cfe77cac761283b07a91c3a6c995a60638c5bfd971505aa3bc454cff817c290a035e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec8e0f2b754c71551963f0c951f9d514 |
| SHA1 | 43fd40b67d7794869029a794dc982962955229ae |
| SHA256 | 7d9bb9509809ac0af0eaaf6e6f6b700e77d18d48db4b6e09602f7932b4b9cd3e |
| SHA512 | d611c95dacad11fbc87a6246d085ce4e2119cc439406fe72122625303bde327312b2b1974e4dfe900cb1d4e5af710f391807163a0ecbdd4c3232a53320f37113 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e977f4bc4729c434ddc96bb9deb37aac |
| SHA1 | 67ed0ba8594635d18b079ee6c3e21a56fca246ce |
| SHA256 | 9a0e2948bc0e788dfab95f20358bd0ef2dac98441af6c7bdd0c9f28f6aa3be88 |
| SHA512 | ac8b2009290430b60158252e2e49ac92f84b7e7af40e882c1983d0750644459d990afff1ec473b98c5bddea7ae77ad0a86d65ab796ed8d56dae7f19c734db743 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc43bedf930896496aa40a7f27c6f5c4 |
| SHA1 | efe0fa8d0727911861b1ead22e9e1ba7f325ce3e |
| SHA256 | bbfdd3c77ee5930ec370d32a686cb6be711f20a3c46d6adf285037a21d9553af |
| SHA512 | 33515e1142dc0e695fc60e567ddb6a32becc2e8d5383e005517414cc33e13132d6b4ca410c4f1ec5264495db77842ca4892c7b6f6119747b97f6d1a2c934dea3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 276ea853bf1e38ef8947249be33017d8 |
| SHA1 | 89bb4aeae1ff4e40f62a8433efe2c77161f5b5ae |
| SHA256 | 3329c98ffa66a5ae85eeb89b9fcb02b0f798bb5a5687502c5991db73b4802bae |
| SHA512 | c70324871c7e625d1443ff7ecf6dee6569dea9313c90a0b1bf66d1f01118a3a976ee29525fbf2575bd09190e5f584d88d381c67d8fd2926e1443a5438d8fc48e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cf48323e7455969f2ad2d07c7748dcd |
| SHA1 | fd342f2649aaec1e3029654f84e69cf5ede7422b |
| SHA256 | cfb293687e41ec8959500ecf72d392678fb5bb077b35d154eed4c80fc30d6171 |
| SHA512 | 1083d1c478372cdc9b790a04b28509e7875ca686a2ae703ee06eb1a4c1ff0ea6b6352da85b67a432b214367ad13d435bbd8821492224f790dcb4ac3ed111de4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27fd8a00213822ce21f091652342d61c |
| SHA1 | 8696127c9da42e35d6a194f4d4db0ccaccc486f3 |
| SHA256 | 11cab5050ebda9b4288623c5a190e8c792dc37e232ff07641f3d5252fb29def0 |
| SHA512 | f8915adcf31b5e03195274268155bfcf0d99399eaecfa25a62bfd2ae176a18a6d3e77b15c381bbf18f5fde3bacdcd55cd3c6cd029a81763e48188bfed1e31555 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d7809ae5f8bb3ec14853a00e1e7bda5 |
| SHA1 | 8da40f4169279045ba3dc82167ef1147b8a579fa |
| SHA256 | 81651a7a273ac365d0ddc5f8b7e248645683f39dc0951e4317650f7e8d2d21f4 |
| SHA512 | 2eed5c1967ddf2fb7ddf440d9715c7c8293ede01b8bd69d2011d0ef8777263a2a5a49fc9e26e3ece12bed0ef95ef311212271b1b7eda80cd6d1dee3feb76f70d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c369de99312280d94f5c7f79d5fb3829 |
| SHA1 | 442da84f7b2ae7861fcc706f6531e35fffc84724 |
| SHA256 | 5b6e43453ce794b367bb44caaba731d907e47ec560d3c081244c1ed3e0c0ee8d |
| SHA512 | 309daad606705e45b62ee189cecff441857c30cdafc4eb1a4be316585a450e089645d9974515085a7a225d1c78f8fad4be285d05e698057495f10acc97183939 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67e08e9601bd884ceb9ba0db1f36e930 |
| SHA1 | 8335a39248c15359155aafd7dc4bf5107a7f5dbb |
| SHA256 | e507cf7f1f8ff73028955eb6a108b5aefd59d394c5ec59a6af91b45016ea6bea |
| SHA512 | 356d3fb4b82fdb1bcdd7958dd77d43262424648b07dfa9c756a14d84ad8dc920d0b7a4775aa0754f323c7b29f492224a8b13cad664dbb0a207892798dda37c1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 843ba81b8a4cea76fcaae2ca902b8519 |
| SHA1 | 08b761468cbf9795afa342db600ea49fcdae004e |
| SHA256 | d44097f01a0a06737cacfa85dc996432bf1d16637f1186b8c53aa0a8d98ff4aa |
| SHA512 | 81873d3c9d56b248bd563697fc69e415c4d6aabb78ab13ac5114ca0086e04e0941c2a3face9601a8ff83088e47e640124eccee9bf26bf95c2f184cb14722c3c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc1db022bd26204d9fe842746af3de42 |
| SHA1 | c0a0b9bc851341c0b95aa7fbff4a23fc1477cc0f |
| SHA256 | e3f22b55984c0f33653a67d52c01e7854624cf19a62381620e53bd5cc57e4660 |
| SHA512 | b68b28b131711e219381b5ca383257976b8701224d27c1c30bfa41085e3df922faaa2c0574c1db06da67d9deff9dea44ac793e0d5bd92a107fd74a20a914bdee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7dd31e46aa1f453adb4a85e3850169d3 |
| SHA1 | 790c0b6e2624648956c73c2c544fc9a794269471 |
| SHA256 | a14b332d7e20ad371f2575bf7d9d6cb2b59789530f15e173d92dc9518ddb9745 |
| SHA512 | 07b9097aaf2121e9cf9e34e217bfbeaadfb95d07e2c920242a4b183a24a712925e0fa99c736dbf9a320eca99349c1a3aa947cd578fab770ba0dc9f17f53cb1b2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 10:37
Reported
2024-06-03 10:39
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
158s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\917852539181df56ae2dfc036b97eb72_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae94e46f8,0x7ffae94e4708,0x7ffae94e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16313372449435613486,17991905685561683054,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,16313372449435613486,17991905685561683054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,16313372449435613486,17991905685561683054,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16313372449435613486,17991905685561683054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16313372449435613486,17991905685561683054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16313372449435613486,17991905685561683054,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s19.cnzz.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 220.185.168.234:443 | s19.cnzz.com | tcp |
| CN | 220.185.168.234:443 | s19.cnzz.com | tcp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 006539c54090635e8e5e5a1ce166b729 |
| SHA1 | 2aad622c8d2b649b2362319f95e677035e7ebaef |
| SHA256 | 4774f8d4ebc6b772bc249ed8a7f8b2d22b2603a59d13b883a8d8184d5290d4db |
| SHA512 | 72e722f907cf991bb37da89b595bf418cea5c79cdece845f15676d926c92c563138f59cbba7cfa1c75f4a634a73011212ef401921d519364ba33bb03ad107ca6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0df17cc6fbfd7c931ee7c8bc94a8827c |
| SHA1 | 6e321e87b2e8870cdb302cefe1da08e84acf7e6b |
| SHA256 | 49d2fcb83db13a8682b304e88b36183f26103f8349434890295316d2bb64b18d |
| SHA512 | e9f41a443d3e216c46566ec988a7fda9ec922160dba394d23670e42dcc4ffcb59a1903715ed0a0b5c2bb17f73d705aed7925d7f15f57690a030cf632fe2b7d38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1eb0272af2586ed6371c35325fc40212 |
| SHA1 | 80ef3a08ab5d7e5352b79f2c9ef1cb106e2bdec2 |
| SHA256 | a6f0f833384ad822240828c02f6556a9c7b0ec4c78dafd0b775751b6febe8a60 |
| SHA512 | d0ffc2b6fcd0245138744f1eacb3079f1858ea7b12f65406ecbcd234fb57aabddb714e037d578dae23e886650e6bcb05cc3e889e0663580602041f894e89a46a |