Analysis Overview
SHA256
05c5598aa0ed7c9bd9f8d74795f1d3b25d7f9fe91fe7b2c2c18fb5f866b9f6a7
Threat Level: No (potentially) malicious behavior was detected
The file 91ffcb0aa523ae1493b82cd2be8d4791_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:44
Reported
2024-06-03 13:47
Platform
win7-20240220-en
Max time kernel
136s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b09c9d44bcb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c063fa56bd477d43ba71e4ba11092f530000000002000000000010660000000100002000000043e78fef6ccf2838d2c9757413e93a5ac7fadf968a5a4ecae0bd58eeb4a487c0000000000e80000000020000200000003eb9865ef77831a09139da367cf14185466a8f9bf63f0b57521e824fdf8aa042200000008565e3762ad6c2ab730d9cb2ea7cb93a4865ea8622533dc8ee7b644fdc9c2d8d40000000df799f270e2c2865e2e56ef7fe23c7d9df5a918ecf938b9edbdef743ef06b110f3d19c5135b4e7d47ebea5d8eeffbb403db7604f0bf524a9d1a32469d2e8038c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c063fa56bd477d43ba71e4ba11092f530000000002000000000010660000000100002000000014f6b500062550ae56cefb4eaf77c12ed91a64b459c007a99a3d22e4a841b29d000000000e80000000020000200000009cb47cfe3c9814af074fad9174c05bb68785d1e063181af27df30eaccc2ec8b590000000a0fdeb24c43330e7d3e7b6a102124a9bea44ee7c14a3d9eacc24029f99a35e92c4bf9c3dbf55fb2f7ee671a36318ef320d9487653a8efce7127bc296ee62602fad9f847a572a83fc309ea533f8eaa3910082f81b34940e20602c32545842de4cc73c2885e08ecbf4e90ab7383b303d80855b62accd8d2c70094ace3a5f189c5de53c317cf09d3cc0c820c04a6266b79040000000eb977cf9c8293e1179b1dbf4ed712f9d02da5e78c43bac6be992455d0f960396d055b53350c72c175d449a36353e267b606224f5a0a8d89fa58820625296c7ec | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6FEE7291-21AF-11EF-9BF8-4A0EF18FE26D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423584152" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2292 wrote to memory of 3012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 3012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 3012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 3012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ffcb0aa523ae1493b82cd2be8d4791_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.motherless.me | udp |
| US | 34.193.97.35:80 | www.motherless.me | tcp |
| US | 34.193.97.35:80 | www.motherless.me | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab234C.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72e028036346ab419377599851adc891 |
| SHA1 | 0e1219ef7c0a4b17496141b9e47b8db18bb1399a |
| SHA256 | 25f7fa705cee4416cd9348c2497d2fd99d0f69bf670896487197d7525a23a4b6 |
| SHA512 | a2cdb06ce8059b385316e0ea85f1671dbeb0aac1cd1a42b77f18cbf94b9c5f7fe0a7efb9115ac6790d8e3cf6f075fe2da4a8b063a3c2ac7a56311ecb708c4a4e |
C:\Users\Admin\AppData\Local\Temp\Tar242E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abad3d91976a69691bda22fe6564dcfa |
| SHA1 | 270145c54bab76b5ad83a288dcbb97e1997ecb3a |
| SHA256 | 6c6f5b7986f0dad80040f3afab213d9c11a8847a653b22d3c776ef2806363852 |
| SHA512 | 871c6e53b71213042ce447a03bfbc8853fa61601ddde8ba4a5015013d32d9e4b8094d896f43e8f6596f8a4285e050e7089ce3d92a262b9de970afc0d44a6bf20 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ebccad92968242e5fae077a279d6c26 |
| SHA1 | b9e3edc33b450809f635ca86ac59158aff8d5df2 |
| SHA256 | 65a126ffdd945f471c9dd24867d90bb6372607eeb45a17829ad5f65b494dce99 |
| SHA512 | 2146284fcfe37b4700fc862d3df30a76f5b11177bed5625a95df51b98f3f64e7d01c8da9e9b9420a23f40940ee5e60cab923b6b60c64fc22035242ebde63f92a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4817d29284ae3562695b2bc14681da25 |
| SHA1 | 9a474551ccada3d5502554189dd1315360c04c37 |
| SHA256 | 18aff5a35fc4583d3faadaf9389905de3f46e310d49acc8449ae4f31ebdff47a |
| SHA512 | 06f7a7ab440da9f9a50d3a38969b36b3225b0d1ac2ad85ea67695afcd897f782869cca6adeed837be7d85cb08f2bd95cbe2198f98792431d8d539d068eae1842 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2859b39b930a03ccc306fd3415ee560b |
| SHA1 | 866c761945c1b4f4c4f527f4f83a240a4d52a5a3 |
| SHA256 | 73dc9ad89e4103fd73063c43a6065f948e3c041ae8cab66d2c7b800cae07e30a |
| SHA512 | 6f28f6aac3a55b1228d8b928532491fb2bbca5473dcbff2ce352127d155ce2cde6e9f41e9aa2b95930ccfc4f9ec93d8c6125980e375f213104a5e775efae079c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a5b47bc57f13d8d848caefdfa0f48ed |
| SHA1 | 8b45ad9aef1db9e603451dba8182651f00e455c3 |
| SHA256 | 2b8cd07ec4e15f9ee8aad15360d1211c774e511d723578eedc42bbc6e661a12b |
| SHA512 | 4c12ce3d8c8bdde5e9f58ad266a7ef9b2b1bef49dd3176268d5d386b9a5eaba298660c572b45192b0faf5aa2fa28289846183b85221359cb4dd5ea84a772c6ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7aa79a9162fb49323f3283e7c642b8e |
| SHA1 | 69075382e8ee2403a782fce08a8d20464f2f0f52 |
| SHA256 | 282bb3b47da99e5e4439a2d5d0f62aaf84391790f80f848aaebdbfcf80b9b8e8 |
| SHA512 | 6df29fa911389cca595b8e14b07597decddfe18288da111254869a2676280a38d9065e64dab9649ae1cae97f96f1e923af6f1ce04c799d606572fe18997a7843 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4820f99cf65a0190f7d99a641d28b25c |
| SHA1 | 76511c27c205b58bf5771ae6587c28fb3fe6e54f |
| SHA256 | cf545f448eaec15d045e3a10d53be13964bf1b71cdb5294ce9a2b8e984105c9e |
| SHA512 | ffca830c85df34409388ec78de4a64e4716487f52ad5b04f08430f41738724002446b6fb3f8d07eba7f29d8104141c15d23383b64bfb48cdbc729959f90bfd88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1d860acb6960b8fd9fbc1c160a8a6e5 |
| SHA1 | 45dcab40bdeaa39532d714cfe2968f5107358a02 |
| SHA256 | 8de0d121e08a8d161460114fbd4dcfdb9af8e3b515d64948f361d204e1f5f927 |
| SHA512 | 74af0ad31d87ed4f52a5a592f23a7d7bfa797cf8ed4a084174d8362ac11249a91dfd460297073bda71ad03402434a8bc041801a972bc266eb4db860e819def47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc5d7a828009ed7cd670e38afbff68a3 |
| SHA1 | 53def19e926658ef202c75d8cd5f32d390a8f2b2 |
| SHA256 | 6ebf96f382dc56edd13a4e9a66d8c53835726fcba4c9280e448443263c9ba63a |
| SHA512 | 0edb3c9dfb113aa51202e0a5eb549a218f05db75b11112aabaac1914799c5be27194c9d54abac8781af9af3e41c44dcfe14f96244d166cc44d89998637ab2ebb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4eebdb7c43625778729b85849f6e375 |
| SHA1 | 6f38c4a9f17d3141e66de5370f5933f70b493b7b |
| SHA256 | 3efe1b7b0e51bcdffe10e4cccf7776da50fe05ebcde81205c3f8ace674d0dd4d |
| SHA512 | cd900b2d3b4bb76d22e3fd8eb1e1be5aa19b6878977b069acba06f5e8dd2eaa0d5e4eb00bf5b3989ce6334118d49185a04f16e92197a3564a4d1e34a75eb2c0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b73a32d6bb4a6a0d13cd8a38692218d |
| SHA1 | 6e38b0ed3e2fd016e40909d1a659a2247e162b70 |
| SHA256 | bf0cb6d3f65f364124d4daa2a3f01e42e00a27c56ab20b7253a517e03105465e |
| SHA512 | 64231305db5b1e2f8404132a4b6ad2d1e113af840a4972937cb1129dada2413db06bfee97cf50a0cc66933aabb07211270ad0f43d9d9974fc1adf1c2fd550bdb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32753251ce1b75c291a2f5f287a83d74 |
| SHA1 | bcfc5c1ee40f8f5858060a490df5e1bf04e2b87c |
| SHA256 | 21a351c2257bd1bb1b1cdc324fcbb50d08e20728e4b4f2690b6ac9f06abbee14 |
| SHA512 | b81182799ea95749799d1e1ea35f6640dfa56792bb6e3675fba0518cc8ee7bd26f07e07a5dd08b824dd8efb19e792e39580a9802aa1512dacce99593330a82d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78a7a167493795889c3af743f4976bef |
| SHA1 | 69d1d786ff56f2bf9a825d0355f4d57a782e56e9 |
| SHA256 | 1ef564bc9cf4a451e2c96f6f5535ac52bf2f0163898b4883dae464ba8b2b11df |
| SHA512 | da055fb3a435601d81193f1c84a200406eafb04e9e66473f53bf885ba2a9d847d4bb9603f694e2b8468ca146b250382e6b73b93afcd99e3e0be5a7518ab29ae1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b371279afd2aa0366fb806e69327811f |
| SHA1 | 502ff87fe0d31b96678fc7631f19aefab89ef664 |
| SHA256 | 0360001e25cba440e15d966b4f62d8356981ee071a53fd94810b5a5526c564e8 |
| SHA512 | 9ef4c9672a9e3b1608614ca7a166dae6e2b7ba76f78513c6f86e4c279cd7a57d09ab0dbcdd1e2ffc06253414e947da6ffc34f07ddb016cdcd7d86ade8fe727c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b157e98847dd285759645398df944a0b |
| SHA1 | e62096a7dc4bba0b8695b607c73a0650a6f6700a |
| SHA256 | a4a739f1dee4d22b265501fa490a2577c925d4719bd0b582f1233386267607b2 |
| SHA512 | ad501823b833ae6db4920525d10e2855c2e792f86c0239123373535f6cd96e96ed1b0e8d17e6eb01e13edbc55c05eacea22986d20e298ed1508bcd5d23d6cfdd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8daafd8de44471c5c9611a8f58abb65e |
| SHA1 | 19415028a5e77bc5b6569c56a6040e0c3de91f3b |
| SHA256 | 577f761f82ac75f2c6a9a3cfd834d6d22280b6e8618126cb1684a8503854bbe4 |
| SHA512 | b4b57fa5c3f8c25a00023879854e927a233344e81bc04b72811f7791118c6aa74ed23a24b6237857e9a3d7cc74a2fbcb0c8bdd5582f57155e7eb42968d3e9d41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0ddda2673abab5491c1adde841cfb84 |
| SHA1 | 95274064cec30a7c1b295fb839cace1a9335cace |
| SHA256 | 32746c540f4159741bbd0f1c3dc02cb4f597577a07fd51badf9082c9284120fd |
| SHA512 | f4ef07ac308088d5e3d3b438605571725124def8660b2e83fd964f18fb33a8d19df714ac6952eb18387fb417fa48cd8e3b0a416fc31ed80039d9c120c6bb571c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c5878d32e0ceb5abb3c078987818aea |
| SHA1 | ce1bfa2c33fb15514ee8640c9fc305a93fe55274 |
| SHA256 | d349bb02a3359cbe14ece8e12b2573e95a4ea7eb785ffc49cd2f138c89279d94 |
| SHA512 | 89b297de367c4d5c4543ebdd35d81715001ecb3de37d922d14df5400efcdf3e59e85cf0b80a44a6e52985ff09907a92f12743a8095e437d5ef117730f3ea49f5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:44
Reported
2024-06-03 13:47
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ffcb0aa523ae1493b82cd2be8d4791_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1fe446f8,0x7fff1fe44708,0x7fff1fe44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,11777346692492562662,4254762035993420691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,11777346692492562662,4254762035993420691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,11777346692492562662,4254762035993420691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,11777346692492562662,4254762035993420691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,11777346692492562662,4254762035993420691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,11777346692492562662,4254762035993420691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,11777346692492562662,4254762035993420691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,11777346692492562662,4254762035993420691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,11777346692492562662,4254762035993420691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,11777346692492562662,4254762035993420691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,11777346692492562662,4254762035993420691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,11777346692492562662,4254762035993420691,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.motherless.me | udp |
| US | 8.8.8.8:53 | adserver.juicyads.com | udp |
| NL | 185.94.236.246:445 | adserver.juicyads.com | tcp |
| US | 44.208.124.139:80 | www.motherless.me | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.124.208.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adserver.juicyads.com | udp |
| NL | 185.94.237.74:139 | adserver.juicyads.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.117.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_5104_GUYFNSNNWBOWUBLA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cf2599b361fa94cb619971df8f5fa068 |
| SHA1 | 77d2200440054336bde811dae150bfd558396c4d |
| SHA256 | 2956f4b071c7ec8ad2f450058e4ab9f8541ab09f69c6249b4b3f5a25b54d14bc |
| SHA512 | 1a04081e12619f693267ed1f2a9406787d62b247d387b8970bfc8cc846f55a3ad9c7b4f41a4a3c7c91aad71fab3f3fb708e07ee4166ae0eaae3a18ab38c7d89d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 58817fc4e85c8c104d23cd5b31fa48d1 |
| SHA1 | 4841ca45961408e84e2cf0a317a26770b0490003 |
| SHA256 | f953476bf2b2be921333dfb13bcca9aa01665330be25e9f0b2749753beeda819 |
| SHA512 | f414d54135ae5300938893d0cee063484f52179b2c730e95d1dfbc2edaeeb79d64fbffec0ff85677e0b5afb7939d681924b942fb4a7c46371ffeb18cb49e1be3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 762bb7e4baaf4774bd86af78a0456781 |
| SHA1 | 70855704c3e26978f75abf6edd23aead802bc5d1 |
| SHA256 | 70d3809337daea29cce756ddd28ca27236f055502fb301a625ba19eb60b2ef2d |
| SHA512 | 6477b14d1f79cb9cc3d7442255a18b7e53550c080db0b48e1b20f54ea100b22334298255b71aee6bac1bf9c35a3710550c0c5fe2206340c893d13cd01245d980 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |