Analysis Overview
SHA256
50a2fe6063615eca385a46b19499b84f93cf2c00577a7c1af78ccb95d2680a75
Threat Level: No (potentially) malicious behavior was detected
The file 91b5172acfb37a0791d66650385a69fb_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 11:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 11:59
Reported
2024-06-03 12:01
Platform
win7-20231129-en
Max time kernel
136s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004b60c8f14aecbd4ca3cf387838dedf68000000000200000000001066000000010000200000007f3a8ae4d70c7d9c1b39c7b48380b3ebceb32d05807555923c75e0568e59ea15000000000e8000000002000020000000f9592409bade2fd431c45f91096a6a7d8a821dc7bb96ed34adb0e95b4ff1c7402000000052e8241c3931c7addc6dc3182073f10aa06e8f06a79a5f986ed7e13b71f8a96340000000eb4915b18ca31dc8a1c6c2cac1390a5b8d464b3d5248f60036c80dbe79b21ee1b041d025042fc131e60769858e9611d593125a44935eefce05a031507e6e83f1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423577818" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0588bc3adb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AFFEA581-21A0-11EF-B69B-6AA5205CD920} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1368 wrote to memory of 1624 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1368 wrote to memory of 1624 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1368 wrote to memory of 1624 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1368 wrote to memory of 1624 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b5172acfb37a0791d66650385a69fb_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\TarFDE.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 11:59
Reported
2024-06-03 12:01
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b5172acfb37a0791d66650385a69fb_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8c3c46f8,0x7fff8c3c4708,0x7fff8c3c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,16036274287504200498,2330102132121842786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,16036274287504200498,2330102132121842786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,16036274287504200498,2330102132121842786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,16036274287504200498,2330102132121842786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,16036274287504200498,2330102132121842786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,16036274287504200498,2330102132121842786,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1224_QPXEWEAIYLZKVCAN
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State