Analysis Overview
SHA256
f96444337f9a8ed13388acfb064f201e31bbd32a5ee202013bac5811d0ecb484
Threat Level: No (potentially) malicious behavior was detected
The file 91b5df071498450cfc3fc1c52e861d82_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:00
Reported
2024-06-03 12:02
Platform
win7-20240221-en
Max time kernel
141s
Max time network
123s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0720aefadb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000056c45e5eac66fa47b752ea8fd3fa1d6e00000000020000000000106600000001000020000000e84ee3713999e9589bd7d119f2ed935728fd22f1cd42ef427828823c6664f7de000000000e8000000002000020000000b064aa44b36f77436769c5255c58127b3891d833d4fec24bb992fc9bdebc0bdd20000000f8bd15fa9075853cc11d1663d93b2a97716f4933ea9b37ce8e03c1176e1157ff40000000a51c58d2dbe4b5464d9426eab2c394a138e949249d625431e411adac56f760d3e15d89e0b4f23e3bfca4404440cab96b4ddc11dae3ce3dac3db4216802a56989 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not captured) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423577886" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D8878211-21A0-11EF-83FC-5267BFD3BAD1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2724 wrote to memory of 2228 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2724 wrote to memory of 2228 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2724 wrote to memory of 2228 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2724 wrote to memory of 2228 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b5df071498450cfc3fc1c52e861d82_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edu.xekga.cn | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:00
Reported
2024-06-03 12:02
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b5df071498450cfc3fc1c52e861d82_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3ad546f8,0x7ffa3ad54708,0x7ffa3ad54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7704124117627588226,17722656367813512153,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7704124117627588226,17722656367813512153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7704124117627588226,17722656367813512153,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7704124117627588226,17722656367813512153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7704124117627588226,17722656367813512153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7704124117627588226,17722656367813512153,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edu.xekga.cn | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.53.126.40.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
Files