Analysis Overview
SHA256
7038d501333e0188c6efc6089e7b4a7437356d8bac81d7e130ce9ccd644bef8d
Threat Level: No (potentially) malicious behavior was detected
The file 91fe4d4ed187c78508b57f04dbdf352a_JaffaCakes118 (detonated as sample.html) was found to be: no (potentially) malicious behavior was detected. Every signature listed below is raised by the browser that opened the file (iexplore.exe on the Windows 7 image, msedge.exe on the Windows 10 image) and not by the HTML itself; the observables that actually come from the page content are the DNS lookups and HTTP connections in the Network tables of each detonation.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:43
Reported
2024-06-03 13:45
Platform
win7-20240221-en
Max time kernel
144s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
Every key and value below sits under the detonation user's HKCU\Software\Microsoft\Internet Explorer hive and is written by iexplore.exe itself (first-run, tab-recovery and new-tab-page state), so this hit reflects the browser opening the file, not a change made by the sample.
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423584075" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{40D58841-21AF-11EF-B2DC-EA263619F6CB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not captured) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0b71459bcb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006ea9f9ee4f8b524aa0af0be9822a9f9900000000020000000000106600000001000020000000e69560f1954efcddada3aebbf6184e25aa31d82999917bc63c2241e6b2a2a45a000000000e8000000002000020000000ec4c47b34992528187c1f951bdbfb55087fb921c684dd46552c628dd215a5293200000002ffade82aa7d7bb2b1198e088ca3e365903c01b7a90040aa83b2f02ccccb5ea540000000fbb2b5a234850e64fe995639b70bc83392e31ecb994b02a679c684df2775d316134a3fa0354fd734fae1ca602b7bbda34c9812fdbe560bfda17b8fead8899179 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2888 wrote to memory of 2456 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2888 wrote to memory of 2456 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2888 wrote to memory of 2456 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2888 wrote to memory of 2456 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2888 CREDAT:275457 /prefetch:2
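Reading the WriteProcessMemory rows against the process list, as an added example that is not part of the report or of the sandbox: Internet Explorer's frame process launches each tab process with a SCODEF: argument naming the frame's own PID and writes into it during start-up, so a writer PID that equals the target's SCODEF value, with both images being iexplore.exe, is the browser's own behaviour. The PID-to-command-line mapping is inferred from the report (2888 is the writer iexplore.exe, 2456 the IEXPLORE.EXE target); the 4444 entry is a constructed counter-example that shows the escalation path.

```python
import re

# Command lines copied from the report's behavioral1 "Processes" section.
# PID assignment is inferred from the WriteProcessMemory rows (2888 = writer,
# iexplore.exe; 2456 = target, IEXPLORE.EXE) and from SCODEF:2888 in the tab's
# command line; the report itself does not print PIDs next to the processes.
PROCESSES = {
    2888: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html',
    2456: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2888 CREDAT:275457 /prefetch:2',
}

# The four identical signature rows from the report's WriteProcessMemory table.
WPM_ROWS = [
    r"| PID 2888 wrote to memory of 2456 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |",
] * 4

# Both IE images on a 64-bit Windows 7 install; compared case-insensitively.
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}


def image_of(cmdline):
    """Return the lower-cased executable path from a quoted or bare command line."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmdline)
    return (m.group(1) or m.group(2)).lower()


def scodef_of(cmdline):
    """Return the PID named by IE's SCODEF: argument, or None when absent."""
    m = re.search(r"\bSCODEF:(\d+)", cmdline)
    return int(m.group(1)) if m else None


def parse_wpm_rows(rows):
    """Yield distinct (writer_pid, target_pid) pairs from 'PID X wrote to memory of Y' rows."""
    seen = set()
    for row in rows:
        m = re.search(r"PID (\d+) wrote to memory of (\d+)", row)
        if m:
            pair = (int(m.group(1)), int(m.group(2)))
            if pair not in seen:
                seen.add(pair)
                yield pair


def classify_write(writer_pid, target_pid, procs):
    """'ie-frame-to-tab' when an IE frame writes into the tab it launched, else 'review'."""
    writer, target = procs.get(writer_pid), procs.get(target_pid)
    if writer is None or target is None:
        return "review"  # unknown process: cannot attribute, so escalate
    if (image_of(writer) in IE_IMAGES and image_of(target) in IE_IMAGES
            and scodef_of(target) == writer_pid):
        return "ie-frame-to-tab"
    return "review"


def triage(rows, procs):
    """Map every distinct writer/target pair in the signature table to a verdict."""
    return {pair: classify_write(*pair, procs) for pair in parse_wpm_rows(rows)}


if __name__ == "__main__":
    print(triage(WPM_ROWS, PROCESSES))  # {(2888, 2456): 'ie-frame-to-tab'}
    # Constructed counter-example, not from the report: an unknown image writing into the tab.
    procs = {**PROCESSES, 4444: r"C:\Users\Admin\AppData\Local\Temp\unknown.exe"}
    print(classify_write(4444, 2456, procs))  # review
```

The check deliberately requires both the image match and the SCODEF match: a non-IE writer, or an IE frame writing into a tab it did not launch, falls through to "review" rather than being silently accepted.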
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 24m.clftx.cn | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab9109.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab91E7.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar921B.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbbc0eeea7e9745988ef1f1d7ae66063 |
| SHA1 | c0682e97f85d8f2dfd0fd788cd314f6eb6c37ea2 |
| SHA256 | f6d67bb7e5d7716bd691d0c3170ab50002af1d258a05d70061b2ed28610bea13 |
| SHA512 | da7c2fbb6c7855e08367a949231f46eabcb076246223ce1c35e5dbb9b96cf50bc17e176b60fbcd39c87b4f03b95617522f62692352da73ea4aae9c0ea13d14bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f3153e6f9221f21743ea19bcedf8a4f |
| SHA1 | ec808ee35007a5f7530b2817e3b56c980e458419 |
| SHA256 | 69c2facae31e4c5c6a7c6dbd390a9dba1ce508afde2921e1472510749ffc6f0a |
| SHA512 | 5cb82c58dce034c04d2c2e12c5824e2385a7b96986df081b3796511195d03ecdbbeca68eff529db03809517ce0fdf77a7f4449e74c592da9c83134ae876c449b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab8234aa581d96aae3fc6823b25866b7 |
| SHA1 | 830d1c7dbaacb8d43220a9f852f113a85a280c40 |
| SHA256 | 9b25e14d92e627da6848171efac5fe812956598240b7a331fc93e4bf96bc55d9 |
| SHA512 | b38169780b99fb7f8d6167ab34cc53df1016db726557c6fbaa4f8837a81c55e54893e2111fdb626b1fdedc6751ee0315c90d172616f12a413419ab32052c67d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7523474ea0ff1c53961618e93b05387 |
| SHA1 | c6144988b0178dc6844fbec89cc40e26d5ed171a |
| SHA256 | 42d114ec2a7a9cc96bb98967043b8389faf4506f03e40c146d633f34a57a54d9 |
| SHA512 | 6409a0a40106fc3257b353411172562b77d09f7ae7885d3f171da38cf03987314a209f46ec0b0159c5c0666362764e8ae1e10331ab8a7dde168622320176fd07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de4174aadc4a7d7cc649be1e5c99a6d3 |
| SHA1 | 39ba4327cfa5651d7bcbb763d0db40043195d425 |
| SHA256 | ea3bbea64e46f3e8e6882cb5593471377b772a2bb976fa0b6089a439d667b944 |
| SHA512 | 1a786104d73301859c6ac839009a5de5990f3700a744a981b249e316dcb3fc32d6c8af7ecda41e37cf833cef84d0d96be438afdc7d6c356b74556ce176e4b540 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1efd3dbbd2e57061c0f4cdc60152cb62 |
| SHA1 | 27e98798b4206c992dd71b412097f2bce48ef7a2 |
| SHA256 | e27d65a25a36bfa01321ef13d162f439e023513577b257bc519742030e6140cb |
| SHA512 | 1cdf29c0bfaf59ff24c37363bf6a071a167e0ad708e9cb596eda835afd2b586d90d00b4812e226f7d8745fbf11c5fcda8d0a99ba60a9f998461df73f308ad7c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | befb52e2fe8e90a4d4c8f02e78ff5101 |
| SHA1 | 9d3fd8ba504b0a54d9216c2873dac65160d44bee |
| SHA256 | fc32ac4f1c873913d460fc92a95f165166d306ee38c93db85321de36008c3ec1 |
| SHA512 | 6fd5f22c4215b6e26d71fd710024766c41611c65c584f3203390689d1d4f1b7d0647a5f0739d4688429aaa26c24bc26a4db86108a57ead9046ec23e05c912d3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a3a2be3a7ba0df165658da0847220b1 |
| SHA1 | 8ab2e53a85d48f8d230f7ae34d307b1af0207d64 |
| SHA256 | 641ce0910aeb039509d2508ee9826214aae2a31511aa9ba88f04768b31a99f7f |
| SHA512 | 4e9027c35dffc80f80e5cb2e0c47852e4049d48787f34c445c872cc921558a1cbef03d2df50918460b96805e60ebb77d27d610a791df0ea46b9600cbcdf94027 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3407b41fa062e0ef9eda048faa66d15a |
| SHA1 | 54a16eaf19258687ec8a6f2c0d1e74a37947c484 |
| SHA256 | 078f3ae4017a727b640bb88e47224f3b9bfe5710b0e06a5281cd0ed03e13a03f |
| SHA512 | 1eb574e2d6073ca8e5b3e221ea198826da599ee43563c50c08b810ec6d10383aab2d8d68de4b9b24a3328490ebcdd12cb5234c41c3ce8ccbcd1fc6d9a65e75a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f40b99e7a5236e179b9a6f292153fc62 |
| SHA1 | e7397ed4c39d9ed940a303d0520f1611a4cd21c0 |
| SHA256 | 64e17afae66d9adb6159b5b8520540d889ad8244e58a62328c40cef24bdea9cd |
| SHA512 | ad51bebfc0555b4cf406cff2ad8a34fd9c072becc3fca8f8e2ce5ea0d6081ad721958d6f9cd77386965115fe458c4401459b18dab8ceceb43b9a00e264210f65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2405bc5c4195de8be5f4158db70010f |
| SHA1 | 731f2171fb044313c4b5dd5a0fe64e2426894cd7 |
| SHA256 | da6d662ab25ac5d8e6bd941c85b72efcabeaa23d03c322cd976aff24acbe3dc5 |
| SHA512 | 0654dc2accd2632e68dbc123ec5f879ea1300fcfc6f00090f6bc04f8ee1290dd62c91ce5f651a9ed06a9303f14dea50ba8f4511241e4118c5b2841a06a1727ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f53d2c5861522f35fc3abcff3ca78eb |
| SHA1 | 7ccfb9850025669a8733dad634f666fe1c12db6c |
| SHA256 | e1f2bd853843df55e76da9e10920c2cc5db53aefd072a1333a7316f400880de4 |
| SHA512 | 45949d8660d0eaa246d4d66d6a3e77cf33cb851f57d027acab8dfa0ad0c8ddce6dbe3c90af03c8efd3fc94a94ca68e628887177db46d3042ceee347d7370a71d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 669788c8741452b23346077c53a9f584 |
| SHA1 | 598588b6a183941f2945ee30dc72b948a9edc4b1 |
| SHA256 | 11b75fa260cc2c6c02e1f20fb15cf392761aa2d6d6fc6527ecf4b5c7e84355cc |
| SHA512 | c659cc2ec1063b46a9400d45e89fa279962e71b25de40b238e8fc97c627e81c20b4a07066c8255187d7f061962bfdfc3f5bd238d066d9672d71f9d8101858095 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23406d8d030a6592cbe5ea05876c7a8d |
| SHA1 | 08093f0ebdad208aaff5e06aea4050b82f2b8cef |
| SHA256 | 7b73ca0f8ebfbb494f2e20488aa3df1bddb76ce4e5acf0bb1a341a350a4f4862 |
| SHA512 | c25ddd4d67cceff7ad90e152def63a68dc86bc819627350547c59aab7380e012c7e6ec023aa6e7c06c88c18773adab809ea1da46d3f8df8e370f1b3af837249e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fe90cd9faa21aa875bbb0e5728253aa |
| SHA1 | 9b287851e62ce12a68c696e0ee094ec12ae7568c |
| SHA256 | d18f8b0072fca1a5b1223f7855fd442976fdd8558159d4bd57dcd54bc6ae244c |
| SHA512 | 2d01577f2115e90baaf49f562ebdd45af56d6688aad9549fb6841e2b392bb73ec442c6d0aa71b9995ea3100eb21cc47ad62f172e7ad6ab607fb97fdc7867dbdd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35cad16b97b0c4a27cdc0e9c9cab2ca6 |
| SHA1 | 58b2d5e9ce3c05b2e5e10df8c2e5fc1d5341c693 |
| SHA256 | 07736ed0d06db09a48f4c2c4342157d676eb489d4e0a4d250d11dd4e5af8dea4 |
| SHA512 | 19c600a7f5b79736775d4c90b9f3ad2924fb82c285c673e8ba6854439dfc78aaa5734b551b7ceb420326d37e6833e6762d8fcf4376b8df65e2bc3cc1e6976afb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 352bce8c94f4feaddb1f1d0d063a4507 |
| SHA1 | 79f6a8fae2c7e9379f756c22199a9abc6a1fea54 |
| SHA256 | 89dc52e49094c1a12984075fd0913c8e65e80875dfe7f12c4782bda1bd66d809 |
| SHA512 | 9d5da6f0642cce2a47173903260c4de39717457db82d04b08060af08fd04ba99c8f865eb1e24e80cf467ba7c97a4478c775a7243b7ce92f512be20b95e055c94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3bfea364f764a3ab3c89a1e95551be8 |
| SHA1 | cdd708ede5fac423ddc5c5ac358972e224e0c957 |
| SHA256 | 24bde4348746b03ea49378dd3114588ea2a2cf93c31776434767fb9e4516d20b |
| SHA512 | bbc642ff2e3d4d6542bbcdb2bdabc5d694e0026c4f01cab395a190878063cbe3aeffa04eba8092cbc12dcd37fe95b57c9ab23531bf91016b95cf9440d989f54e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9af97b0aee970138aa0d537ab294a539 |
| SHA1 | 606b552483e4260f3dacbd1170250b794a1ff396 |
| SHA256 | fc91737ef4236e53830eee526ac954d5944c51243a05484d57ba6efb6495099d |
| SHA512 | 8f039b41f2778082f1747293a1afb45aab61a04aaacc0b5f15f5dc3228ecd822d827fcb9f20ae39dde49256e22eb3f5f86561bfae74f2be83ca1338c48d1986c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d744af694c87dc8828b38377599a83c |
| SHA1 | 9418af4d30c74b4e6f662d9a0de0ae3e849740c2 |
| SHA256 | 1469d776e142c4aa23118b155f57a61ca1d875087689db3bfbd37692e1e74b75 |
| SHA512 | 98a336f5b6a826afcb61a21e2d768fca4f44e45584fe977e860cfc2bc725e4e3d4093656f951ad092fc0a70c8ef3ab6ec415c3c1676a76103bf5c27f135f9077 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:43
Reported
2024-06-03 13:45
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
The BIOS manufacturer and product name are read by msedge.exe itself during start-up; like the other behavioral2 signatures, this is browser behaviour, not something the sample triggers.
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Raised because msedge.exe launches its child processes with the process-creation mitigation that blocks loading of non-Microsoft-signed binaries; this is a hardening feature of the browser, not an action of the sample.
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf44a46f8,0x7ffaf44a4708,0x7ffaf44a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12901480814684973602,11980584320068428930,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12901480814684973602,11980584320068428930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12901480814684973602,11980584320068428930,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12901480814684973602,11980584320068428930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12901480814684973602,11980584320068428930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12901480814684973602,11980584320068428930,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2784 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 24m.clftx.cn | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | N/A | tcp |
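A way to reduce the two Network tables (behavioral1 above and behavioral2 here) to what an analyst actually decides on, as an added example that is not part of the report: which names were only resolved, which were connected to and on how many hosts, which queries are reverse (PTR) lookups, and which destinations carry no name at all. The input is the behavioral2 table copied as printed, including its mDNS row and the last row whose Domain cell is missing; the parsing rules and the bucket names are this example's own. On this input the one name that is resolved but never contacted is 24m.clftx.cn, which is the row worth tracing back into sample.html.

```python
import ipaddress
from collections import defaultdict

# The behavioral2 Network table copied from the report (constructed input for this
# example). The mDNS row and the last row are reproduced as printed, with the
# Domain cell empty or missing.
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | 24m.clftx.cn | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | tcp |
"""

PROTOS = {"tcp", "udp"}


def parse_rows(table):
    """Yield (country, destination, domain_or_None, proto) from the report's table rows."""
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or ":" not in cells[1]:
            continue  # header, separator or otherwise unusable line
        country, dest, rest = cells[0], cells[1], [c for c in cells[2:] if c]
        proto = next((c for c in rest if c in PROTOS), None)
        domain = next((c for c in rest if c not in PROTOS), None)
        yield country, dest, domain, proto


def summarize(rows):
    """Split the traffic into the buckets an analyst decides on."""
    queried, ptr, multicast, unattributed = set(), set(), set(), set()
    connections = defaultdict(set)  # domain -> destinations actually contacted
    for _country, dest, domain, proto in rows:
        ip, _, port = dest.rpartition(":")
        if port == "53" and proto == "udp" and domain:
            (ptr if domain.endswith(".in-addr.arpa") else queried).add(domain)
        elif ipaddress.ip_address(ip).is_multicast:
            multicast.add(dest)  # e.g. mDNS to 224.0.0.251, local discovery noise
        elif domain:
            connections[domain].add(dest)
        else:
            unattributed.add(dest)
    # A destination already seen under a name is not really unattributed.
    unattributed -= {d for dests in connections.values() for d in dests}
    return {
        "dns_only": sorted(d for d in queried if d not in connections),
        "connections": {d: sorted(v) for d, v in sorted(connections.items())},
        "ptr_queries": sorted(ptr),
        "multicast": sorted(multicast),
        "unattributed": sorted(unattributed),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(parse_rows(NETWORK_TABLE)), indent=2))
```

The same two functions run unchanged over the behavioral1 table; there the additional name is ieonline.microsoft.com, contacted over 443 by Internet Explorer itself. The PTR lookups are the sandbox host resolving its own peers and can be ignored unless a name of interest appears in them.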
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_2468_NUQDWKVVMDBKMUJJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a1a184d0739c8f22bf6ea036f74f13d4 |
| SHA1 | 8d1727e0fb36e822e2fa739dfa26a207c7149c82 |
| SHA256 | 19048d50dd16775c22a58132c78143e318671a9b5f849c632dbd3353dbf5eb14 |
| SHA512 | 48dc59adddbdaff7409bd105bbfa83198e12e57e6fcf3a4db1660056c9b86a111214fef268b3bee8b06fbd64ce91e139c8ee4c381c72e5ffb523b5b9f9c53654 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7707ea0d4c9d12321d15301f15b39dbf |
| SHA1 | a5be38ebbf6c2f01c71dc60a46a8fd61c3c446de |
| SHA256 | d950119a1f9f2502ebd975825ef55b12734e1ebe23f85e0b4eadafcb31f502df |
| SHA512 | 7e32e13299b1cc1350e96e983f97df3b02df627d044333bed2be2d14f2b04aa2b078f836eb501111f4371c07963d42b21c08b8011f09998f56d2b5c88708408e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 272afa3cbc5dfdff07e75afb8fb5102f |
| SHA1 | 0204b4bd116b38929db58095fc1bed06eec5c4c2 |
| SHA256 | 6b6a122eb65897195e5e26413a666de292ec7077245f0e37863767f7c6d19682 |
| SHA512 | 7964f6fd530ac47fc7a5bd28b606620c48276b3000a1233fde530d6874d23aba1a0109467eaee8c0e808d39e8401bd24aaefc231fd6f9ab97f769c1dd2a4b782 |
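For the Files sections of both detonations, an added check that is not part of the report: the named-pipe entry carries the digests of zero bytes (MD5 d41d8cd9..., SHA-256 e3b0c442...), so it is an empty artifact rather than a dropped file, and a path listed repeatedly with different digests was rewritten during the run (settings.dat twice here; the CryptnetUrlCache MetaData file twenty times in behavioral1, which is the CRL/OCSP fetch cache filling up as the browser checks certificates). The input is an excerpt copied from behavioral2; the parsing and the classification are this example's own.

```python
import hashlib
import re
from collections import defaultdict

# Digests of zero bytes, computed rather than hard-coded so the check is self-verifying.
EMPTY_DIGESTS = {alg: hashlib.new(alg, b"").hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Excerpt copied from the report's behavioral2 "Files" section (constructed input).
FILES_SECTION = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_2468_NUQDWKVVMDBKMUJJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
"""


def parse_files(section):
    """Group each path line with the digest rows that follow it."""
    entries, current = [], None
    for line in section.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m and current is not None:
            current["hashes"][m.group(1).lower()] = m.group(2).lower()
        else:
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def is_empty_content(hashes):
    """True when every listed digest is the digest of zero bytes."""
    return bool(hashes) and all(EMPTY_DIGESTS[alg] == h for alg, h in hashes.items())


def is_well_formed(hashes):
    """True when all four digests are present with the right hex length."""
    return set(hashes) == set(HEX_LEN) and all(len(h) == HEX_LEN[a] for a, h in hashes.items())


def triage_files(entries):
    """Flag empty artifacts, malformed digest sets and paths rewritten with new content."""
    sha256_by_path = defaultdict(set)
    for e in entries:
        sha256_by_path[e["path"]].add(e["hashes"].get("sha256"))
    return {
        "empty": [e["path"] for e in entries if is_empty_content(e["hashes"])],
        "malformed": [e["path"] for e in entries if not is_well_formed(e["hashes"])],
        "rewritten": {p: len(s) for p, s in sha256_by_path.items() if len(s) > 1},
    }


if __name__ == "__main__":
    print(triage_files(parse_files(FILES_SECTION)))
```

Anything that lands in "empty" can be dropped from the indicator list before it is shared; anything in "rewritten" is worth diffing only if the path is one the sample, rather than the browser, would write.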