Analysis Overview
SHA256
be049c988cf8b19e5946383f7b02952f0375bcfbd1bef9a1b889ef894322b2a2
Threat Level: No (potentially) malicious behavior was detected
The file 91ea1927443b3c0395e83f521955e2e8_JaffaCakes118 (an .html document, SHA256 above) was found to be: No (potentially) malicious behavior was detected. Every signature listed below fired inside the browser process that rendered the page (iexplore.exe / IEXPLORE.EXE on the Windows 7 run, msedge.exe on the Windows 10 run); the only non-browser process observed is the COM-activated Windows component C:\Windows\System32\CompPkgSrv.exe.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-03 13:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-03 13:15
Reported: 2024-06-03 13:17
Platform: win7-20240221-en
Max time kernel: 137s
Max time network: 122s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000069d212cff8b63843a8d75ecbf69216ee00000000020000000000106600000001000020000000bf06da0da08f6c342c8c43265f32b853a33d761b07a535be6fff4b4428c4f9a4000000000e8000000002000020000000c32dec6988a1170a30277ed119d8948dbddd33b43bbea8e5070e5cd782310d3d90000000c63245f3d0220c4ccc46e016909cbc0d025853bbc1750c65cc6ef63048a425d14d932dad9e042b9494e5b5d9da654b6f4fb61c2f7adb756f8d58b2f20afd687018e138fa7bc8efb0f89f0168ea0b10d50045dc0e612fea4778bafbd248036721e3700aeb709e009aa7f32fd1fbf4546c0a79b5ab858b2298c8cd343be11875217f194becb2ec0ec49a45d28f9d2c7a21400000007e68ae6468cafed1e05ebb80c57cc0b3746cfa61330ab76a4772d50884243d7687b4f23d798af5bbc47a84fda370a4abb7ceae2a0cabddeae1d5b6570f1b6963 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0bd6f66b8b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582386" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000069d212cff8b63843a8d75ecbf69216ee00000000020000000000106600000001000020000000af3febd4405939102ae7aa8aac2964c1d49a25e9f0dd70e8a8921ecb51a8687b000000000e80000000020000200000009d95aad81a21e53b821820a8d21498f6d98ab4c72ca73a9e654613710fe355132000000059195356daa1ecaa92e1b50a8e727ec6d1af6474271a4c9d430f731dc419c47c4000000057c9ef4a400e3fde92ad2dab1a49bc0c2d5d944e2bdf85b7b2598cbb5d785f9650caf6e9458a661153d1d5d091206ed72763915ee49e5762e96ac937a38f3cbb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{522FFE81-21AB-11EF-8414-4A4F109F65B0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
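The MFV and DecayDateQueue values written under TabbedBrowsing\NewTabPage both begin with 01000000 d08c9ddf0115d1118c7a00c04fc297eb: a version field of 1 followed by the provider GUID {DF9D8CD0-1501-11D1-8C7A-00C04FC297EB}, which is the header of a DPAPI blob as produced by CryptProtectData. Internet Explorer keeps its New Tab Page state encrypted this way, so these writes are ordinary browser state rather than a dropped payload. The script below is an added example, not code from the report or from Microsoft: it walks the documented DPAPI blob layout (the same field order used by public DPAPI tooling) over the two hex values copied from the table above, so an analyst can confirm the structure and see that both values are sealed under the same per-user master key of the analysis VM. CALG names come from wincrypt.h. Decrypting the payload would need that master key (and hence the VM user's credential), so the parser deliberately stops at metadata.

```python
"""Decode the header of a DPAPI blob (the structure CryptProtectData writes)."""
import struct
import uuid

DPAPI_PROVIDER_GUID = "df9d8cd0-1501-11d1-8c7a-00c04fc297eb"

# CryptoAPI ALG_ID values (wincrypt.h) for the algorithms DPAPI blobs commonly carry.
ALG_NAMES = {
    0x6603: "CALG_3DES",
    0x6610: "CALG_AES_256",
    0x8004: "CALG_SHA1",
    0x800E: "CALG_SHA_512",
}

# The two DPAPI blobs iexplore.exe wrote in this report, copied from the registry
# table above and split at field boundaries for readability.
MFV_HEX = (
    "01000000" "d08c9ddf0115d1118c7a00c04fc297eb"   # dwVersion, guidProvider
    "01000000" "69d212cff8b63843a8d75ecbf69216ee"   # dwMasterKeyVersion, guidMasterKey
    "00000000" "02000000" "0000"                     # dwFlags, dwDescriptionLen, L""
    "10660000" "00010000"                            # algCrypt, dwAlgCryptLen
    "20000000" "bf06da0da08f6c342c8c43265f32b853a33d761b07a535be6fff4b4428c4f9a4"  # salt
    "00000000"                                       # dwHmacKeyLen (none)
    "0e800000" "00020000"                            # algHash, dwAlgHashLen
    "20000000" "c32dec6988a1170a30277ed119d8948dbddd33b43bbea8e5070e5cd782310d3d"  # hmac2 key
    "90000000"                                       # dwDataLen = 144
    "c63245f3d0220c4ccc46e016909cbc0d025853bbc1750c65cc6ef63048a425d1"
    "4d932dad9e042b9494e5b5d9da654b6f4fb61c2f7adb756f8d58b2f20afd6870"
    "18e138fa7bc8efb0f89f0168ea0b10d50045dc0e612fea4778bafbd248036721"
    "e3700aeb709e009aa7f32fd1fbf4546c0a79b5ab858b2298c8cd343be1187521"
    "7f194becb2ec0ec49a45d28f9d2c7a21"
    "40000000"                                       # dwSignLen = 64
    "7e68ae6468cafed1e05ebb80c57cc0b3746cfa61330ab76a4772d50884243d76"
    "87b4f23d798af5bbc47a84fda370a4abb7ceae2a0cabddeae1d5b6570f1b6963"
)
DECAY_HEX = (
    "01000000" "d08c9ddf0115d1118c7a00c04fc297eb"
    "01000000" "69d212cff8b63843a8d75ecbf69216ee"
    "00000000" "02000000" "0000"
    "10660000" "00010000"
    "20000000" "af3febd4405939102ae7aa8aac2964c1d49a25e9f0dd70e8a8921ecb51a8687b"
    "00000000"
    "0e800000" "00020000"
    "20000000" "9d95aad81a21e53b821820a8d21498f6d98ab4c72ca73a9e654613710fe35513"
    "20000000" "59195356daa1ecaa92e1b50a8e727ec6d1af6474271a4c9d430f731dc419c47c"
    "40000000"
    "57c9ef4a400e3fde92ad2dab1a49bc0c2d5d944e2bdf85b7b2598cbb5d785f96"
    "50caf6e9458a661153d1d5d091206ed72763915ee49e5762e96ac937a38f3cbb"
)


def parse_dpapi_blob(blob: bytes) -> dict:
    """Walk the DPAPI blob header; raise ValueError if the layout does not fit."""
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("blob truncated at offset %d" % pos)
        chunk = blob[pos:pos + n]
        pos += n
        return chunk

    def u32() -> int:
        (value,) = struct.unpack("<I", take(4))
        return value

    def guid() -> str:
        # GUIDs are stored in Windows little-endian layout, hence bytes_le.
        return str(uuid.UUID(bytes_le=take(16)))

    info = {}
    info["version"] = u32()
    info["provider_guid"] = guid()
    if info["version"] != 1 or info["provider_guid"] != DPAPI_PROVIDER_GUID:
        raise ValueError("not a DPAPI blob: %r" % info)
    info["master_key_version"] = u32()
    info["master_key_guid"] = guid()
    info["flags"] = u32()
    info["description"] = take(u32()).decode("utf-16-le").rstrip("\x00")
    alg_crypt = u32()
    info["alg_crypt"] = ALG_NAMES.get(alg_crypt, hex(alg_crypt))
    info["alg_crypt_bits"] = u32()
    info["salt"] = take(u32()).hex()
    info["hmac_key_len"] = len(take(u32()))
    alg_hash = u32()
    info["alg_hash"] = ALG_NAMES.get(alg_hash, hex(alg_hash))
    info["alg_hash_bits"] = u32()
    info["hmac2_key_len"] = len(take(u32()))
    info["data_len"] = len(take(u32()))    # ciphertext, not decryptable off-box
    info["sign_len"] = len(take(u32()))    # HMAC over the blob
    if pos != len(blob):
        raise ValueError("%d trailing bytes after signature" % (len(blob) - pos))
    return info


def parse_dpapi_blob_hex(hex_value: str) -> dict:
    """Convenience wrapper for the hex form shown in registry tables."""
    return parse_dpapi_blob(bytes.fromhex(hex_value))


if __name__ == "__main__":
    for name, value in (("NewTabPage\\MFV", MFV_HEX), ("NewTabPage\\DecayDateQueue", DECAY_HEX)):
        print(name)
        for key, val in parse_dpapi_blob_hex(value).items():
            print("  %-20s %s" % (key, val))
```

Both values decode to AES-256 with SHA-512 for the HMAC and share the master key GUID, which is what you expect from one user's IE session; a blob with a different provider GUID or an impossible length chain would be a reason to look closer.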
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
(PID 3000 is the 64-bit iexplore.exe frame process; the target is the 32-bit IEXPLORE.EXE tab process it launched, whose command line below carries SCODEF:3000. Frame-to-tab memory writes are part of Internet Explorer's normal tab process model, not an injection into a foreign process.)
| Description | Indicator | Process | Target |
| PID 3000 wrote to memory of 2208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3000 wrote to memory of 2208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3000 wrote to memory of 2208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3000 wrote to memory of 2208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ea1927443b3c0395e83f521955e2e8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edu.cn.qojtnl.cn | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2168.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2297.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fae519a45ed81f9231c6e81e70d2ddfd |
| SHA1 | ba07f43a7089159c7aaa0c01a36a1d43a8fef245 |
| SHA256 | 33886e0f3141cbb0e69624593c74ab19f9b9a9bcd4221d23bb6e39276d298b26 |
| SHA512 | 8e0033faf0bed97e0379df96011b6203b4ecaa138296db5e55e83691d0c3194453be17ca67c20eea10ec1556a2f3664a4cb8bdf438e4fd94788a10b6cc2ba30c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40b9afa18b76447133a1e04bfa21361e |
| SHA1 | b80319546eab70f8ab3ce3add763640abd1ee6f1 |
| SHA256 | d30de85716894ef22a911a21039a9762b9fb53d119597d8f6307cc7afbce856a |
| SHA512 | fde813aaf6451548578ed67c0c4df2fb7113ea26c824bd5ecc2a7f1d9036f1ad1c877e7f30a34bd116b9e90d37cb81fb2dbbdfae8769b8273ae9b579505e3748 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c5fb79dc3cfa570022981105f95b6b9 |
| SHA1 | 8e39b09fa875f004f880aa9ca1b4bcb62ae8d9ed |
| SHA256 | 3c4d3010018c8e33f5a5ab106593ac16031b043630cfb93637addcc42a49f53b |
| SHA512 | 68fb6ac8c196766070c35a2f747bb5d93ca70973c261b5f3e5c8189ac20c191420240687a5186112721b90702e5f224fd453ee9fcaddecd860a6390becc333af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7579b893f4c30132ebb8bf53b3b98a5 |
| SHA1 | dff9532634ad77732e65ba0c73433e20b2ec2f7e |
| SHA256 | 1d0234559bf9373f0f76032975402270ffc5b749693bdb118bd5c5efec0070ce |
| SHA512 | c25d905a391b62b29307699cf4fd88dbd889d3f54d979a286e5a40ee8a40cc00acdd084796f76da54cc61b0112514ce08ca64c3cf0557b0e7dc024552206ba2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14133064959036e001c2b8deb45f2b28 |
| SHA1 | 247eacc763373413d6ffde4efd5d654e7215e9de |
| SHA256 | 3070a389329932a137ca27c0e92b322566dfbbc9a4c0db4c2ce6ca3dd69b64a5 |
| SHA512 | 18e15c44c2363b1c3674c068e087b68e760f373d078dc41f264f875e549cc4f121c4b4e03e3a3a9d72872dda0b4ff30b28a123dd99dfbd94b647e8a3e2217942 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22424f62583d8db054f270824bf30568 |
| SHA1 | 6962f5d1b490d18919c2573e67e02738098ee988 |
| SHA256 | 74f961db0126f3cae6e1112f5d828d85cf8d4e520ac53b3ae99f5c7efbb45b39 |
| SHA512 | a319c67ae8382a60220ab1402aade081e5b99f04015a39b65698fddeb7575c5235ac37112017d9f6269542cde110ae0fa32e56fa8170dfee6048ba7ca948336c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa600cb04b00091adbe853e11476b686 |
| SHA1 | 7579923f89b743a597464305ff17e723c214a657 |
| SHA256 | 1f94c9bfa7b264a948b10b295708d5f214d7ec0f834a672cbd928254e24f6b85 |
| SHA512 | dec86ccda83c1e040c89f9eb7f7216add6da72a7dddbb05ba9cd7e39b3ecb14b68a404937af5d43a633c3fe08824079f88444d7dec20ab5912e155309bcc6e29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 984c35b84828b8d071d5fc6601328cd7 |
| SHA1 | 5aa6018cadd2abc530d771128b07949ea767c1b4 |
| SHA256 | 0ca9d6e3aecb244e5a7b5b3116ee0de1b05884742b79eff50780bddf1b85f071 |
| SHA512 | 4ccef394fbb8ac3668c6262a6599070aaa4e152d71e1ac568147841aa273d80c98740fe529aab55fce69d2a92f63a90a1ed7b89b44cb6a11189f6289b3e9f137 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32599fca48821f2ed6b5fdd99a3d4684 |
| SHA1 | 41281b8789ccf9d687cffd7d5e5803d71db6a66e |
| SHA256 | fadba187236c73dd068bab97363e6a2be0501e81bedb92ffe6a08b7e4ffbf182 |
| SHA512 | 1cc41beb01ae58bc5df7ff8b483061204276a41aeffcbdc17cb2ac983bb273714dba0f90266a51f9a95e26cb99479f63a3e4e3212274ca383288d7f202f47711 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 732aa0969bae5397391cc4fd726bdadd |
| SHA1 | 2f7a5637b6d1c09bb92c7f12e792afd490ea0e6a |
| SHA256 | 9115abd24369cd96b513a449a080b9672d4b127af60088f47a1e12481ad432d5 |
| SHA512 | 19d37a3c351f6bc33ca59ca1408789ac2dcb6fd5ece317206617383ffe39d12b1aaff6577688dbfd5ae9d03cd610603ae9205da2586c1771be4247de760ee62f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 526928d5982f4ba6fe180aafe827214c |
| SHA1 | 6ab58b581740530a334d900deacaef9f52042838 |
| SHA256 | f8d7e99de694bd1eef21779603dfb2035783a72fbbdda419777ec9a33cb5efa3 |
| SHA512 | f0011158e39ce1a2a20afa9665d3eed0ecc9bb4cc33f94102efb6b997c40c1df5725cab77fe0ccdc4cdfc3fcbbdba6655733234e82db7b354fcf4322f6904c90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebb74a3eac2705a71f39eee1e1735541 |
| SHA1 | 5f196ceba79b261968c41e23daff9e1d2a72e503 |
| SHA256 | 8fb70a202410d9e0d1cae2197a3752b8e182c7a4bf264cff64972c9397276ee1 |
| SHA512 | 440e74265f21f81dd84b53cd8b470a3d3ccaa6f32f37d52e05945779bd5d9b5a9113591f418303654fbabf2d2039110a36709943d2f430155cc3639830403777 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eba0a440d48152e0842b3e0c6d90ac3f |
| SHA1 | 44ddc67dd450cf74e6e7b3fc14748f6441bafd4f |
| SHA256 | ac4bd75c3a382a038b2d9102b3b636780f56fd1535e0b7330971b99dee114466 |
| SHA512 | b7409d2ab18005056fec196830b6b9879a7511ce30381f062f199e3e2198cbaa89d1063e8a870929b08112df61bcd5fc3674c0676e987fece5de379fcf7e4c06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9b5f7c92640e7189bba5b267fe4ef54 |
| SHA1 | 191c3d5746696406c1d9da08282dc18ccaa49b59 |
| SHA256 | 2325ccc66c4f339b681a8aeb166413e6f85e8f2144aa363e9223010d7c2d116e |
| SHA512 | 6241d5ede30cb81213c87692326b79266affea047dde0275f3c8155158154d8fe4a50f96b95cfbf4b1cf4625135d20a76294188fa76d826e8e2e3c58e6be0c52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d0c85dec6a5d7fd830f4dc5aa1dd68d |
| SHA1 | e0b84b48c84f5eb41851080e5800b1749b692df9 |
| SHA256 | 7b4a2e78f81b066bcd663bafd59693faefc3c9d1bd44b00a0cf288125abdab94 |
| SHA512 | 207db0309ad791b7e2d6043ace09287b1d1c915bcd91f456e48e0a123ae1f1564b9a26af7d7e803744900d6f585e88ffbb1b5695064b7dc1f93f1ccec6b77413 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cde752a47c195f0272d928decc85b3d5 |
| SHA1 | 9d6f55f36f26d39b220e714de917d676eb170ea8 |
| SHA256 | 03d32d1f7917c68fa22d3e020e030946293552532cb45bbe473eac974095c4af |
| SHA512 | 1e138cc350dd3da0a9e52ea7a4d5074f45fe6afdda650fa8885e95737b66aad51d293e9fccdcec9b6f605c163461866e406279d0f500fc3f5e5644e3b5e80347 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b16f304f74346500b464196000aacc8 |
| SHA1 | c6e2bbf901972f4ba0d5121885063f9cb57bf98b |
| SHA256 | ada3196a11c36cd00da320030adc0b9a59912669c18742c253dabcec91e7d1a0 |
| SHA512 | b77579ea0b495584d4be424126d33c9fb8cf93d7673d495ac114ca235be11042cefde9cfd2e01ab714cd9038006652af93b8dfb558f68fb9901777dccf6f96d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc69a477969e7fb04343d9fd43d03ebf |
| SHA1 | 101a0e931092ee7e5c68c0d7d98bc8c2e624a6db |
| SHA256 | 43970461edd905ec48a475fa393975685735cfb0bc01d5835bf4d3bb44b0c1c6 |
| SHA512 | fcbbfea7482f5ae346f2702c65649a96d8c06a4378af4946f8e983c70d4a502a878a5a5b702c20cbb95189c895f1e5917b180961d58e2a20cb485bec99fd6d1a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a07ddd4c93c73b2b3b994a17a0ba1c7 |
| SHA1 | 2156ccafcd6f40ae6c5951e97ef3a0693d4544ef |
| SHA256 | d2867647ca5f3730c207cb2a80e3997f9ff6dd40dd779d708e6d92d1bd53801a |
| SHA512 | 9dd4313dfccc735917f3cbf3c78460db0835bb7895dea1f9add5726008d9bfd415206ffeac314c74293464d74ca77a1ad84cd5bc85d50c5ea85f68d294248985 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-03 13:15
Reported: 2024-06-03 13:17
Platform: win10v2004-20240426-en
Max time kernel: 150s
Max time network: 145s
Command Line
Signatures
Enumerates system info in registry
(Reads of the BIOS SystemManufacturer and SystemProductName values by msedge.exe. Chromium-based browsers query these for hardware reporting; the sandbox flags the same keys because malware reads them to fingerprint virtual machines.)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
(msedge.exe creating child processes with the process-creation mitigation that blocks loading of binaries not signed by Microsoft. This is Edge's own sandbox hardening for its child processes, not an attempt to interfere with another program.)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ea1927443b3c0395e83f521955e2e8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ff92b3a46f8,0x7ff92b3a4708,0x7ff92b3a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,11500934091754892527,3631674394927424066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,11500934091754892527,3631674394927424066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,11500934091754892527,3631674394927424066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11500934091754892527,3631674394927424066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11500934091754892527,3631674394927424066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,11500934091754892527,3631674394927424066,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edu.cn.qojtnl.cn | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| N/A | 112.34.113.148:80 | N/A | tcp |
| N/A | 112.34.113.148:80 | N/A | tcp |
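The Domain column in these tables is the sandbox's attribution from observed DNS answers, so a row with N/A means only that it could not label the address, and a name that appears only in port 53 rows was looked up but never connected to (the table does not say whether the lookup failed or the connection simply fell outside the capture). The script below is an added triage example, not part of the report: it parses rows copied from the behavioral1 and behavioral2 Network tables above, separates DNS lookups from connections, decodes the in-addr.arpa reverse lookups the Windows 10 run issued back into the addresses they ask about, and cross-references unlabelled IPs against labelled rows. On this report's data it shows that edu.cn.qojtnl.cn was only ever resolved via 8.8.8.8 in both runs, that bdimg.share.baidu.com was reached over plain HTTP at several addresses, and that the unlabelled 112.34.113.148 is one of those Baidu addresses.

```python
"""Triage helper for the Network tables of a sandbox report."""
import ipaddress
from collections import defaultdict

# A representative subset of rows copied from the behavioral1 and behavioral2
# Network tables above (same column order: Country | Destination | Domain | Proto).
NETWORK_ROWS = """
| US | 8.8.8.8:53 | edu.cn.qojtnl.cn | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| N/A | 112.34.113.148:80 | N/A | tcp |
"""


def parse_rows(table: str) -> list:
    """Turn pipe-delimited table rows into dicts; skips blank lines and the header."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({
            "country": None if country == "N/A" else country,
            "ip": ip,
            "port": int(port),
            "domain": None if domain == "N/A" else domain,
            "proto": proto,
        })
    return rows


def ptr_to_ip(name: str):
    """Map a reverse-lookup name such as 73.31.126.40.in-addr.arpa back to 40.126.31.73."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ValueError:
        return None


def summarize(rows: list) -> dict:
    """Group rows by what they tell the analyst about the sample's network use."""
    dns_lookups = defaultdict(set)   # name looked up -> resolver addresses used
    connections = defaultdict(set)   # labelled domain -> addresses actually contacted
    ip_to_domain = {}                # learned from labelled rows
    unlabelled = set()               # addresses contacted in rows with no domain
    multicast = set()

    for r in rows:
        if ipaddress.ip_address(r["ip"]).is_multicast:
            multicast.add(r["ip"])          # e.g. mDNS to 224.0.0.251, local-link noise
            continue
        if r["port"] == 53 and r["proto"] == "udp":
            if r["domain"]:
                dns_lookups[r["domain"]].add(r["ip"])
            continue
        if r["domain"]:
            connections[r["domain"]].add(r["ip"])
            ip_to_domain[r["ip"]] = r["domain"]
        else:
            unlabelled.add(r["ip"])

    reverse = {}
    for name in dns_lookups:
        ip = ptr_to_ip(name)
        if ip:
            reverse[name] = ip

    # Names resolved but never connected to, excluding the PTR queries.
    dns_only = sorted(d for d in dns_lookups if d not in connections and d not in reverse)
    return {
        "dns_only": dns_only,
        "connected": {d: sorted(ips) for d, ips in connections.items()},
        "reverse_lookups": reverse,
        "unlabelled": {ip: ip_to_domain.get(ip) for ip in sorted(unlabelled)},
        "multicast": sorted(multicast),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_rows(NETWORK_ROWS)).items():
        print("%-16s %s" % (key, value))
```

Paste the full tables into NETWORK_ROWS to run it over the whole report; the DNS-only list is the first thing worth checking against a resolver or passive DNS, since it names infrastructure the page referenced that the sandbox never saw traffic to.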
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA1 | 49a8cc44f53da77bb3dfb36fc7676ed54675db43 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
| SHA512 | be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA1 | a88af6c673609ecbc51a1a60dfbc8577830d2b5d |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
| SHA512 | e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 88b600825d02f77d141db1c9842dd714 |
| SHA1 | 37ce21b664f43da00a70d4fd6da0c436f0a99913 |
| SHA256 | 9b6698e4b501b5a29c4337d457de2d2ad4a603df9cb9af83246563235c90302f |
| SHA512 | 49858e42a79cf2a78d67fb7c1545f5d54a6bc7dae64ea9ec924332f74c6f5436b62ae5700da71976cf9abe4c3400ffd9972bd481309a97031a77e3d802c17172 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7260ec260b26de24aa7445f0bec12733 |
| SHA1 | 894fab9a8fa57854ee36bb57d8484398526298fc |
| SHA256 | 8ba81022f9c03a8c04a77615021ca9c524263fcf2b2d3dbfd0a344587dc70549 |
| SHA512 | 2051c955c9005d5c66827cb3b20a762ede8ddc5b717408e00723da8f6fcea2c9529a7c29bdfe6ee735abf6602cdcde9ac302a9df49bca8609b295033044a630c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 13be8456543d9e6aad6356701c8b0bd8 |
| SHA1 | bbb2efa68a77dbfba3fa97dfd23df4c7a723f658 |
| SHA256 | 14c7f8569268154321f71f66b5d5a03a69f055bd5b49825e3171379b5775af23 |
| SHA512 | 9dfa855ef6ca8f9c071d50bdef9d24f9fdcb441ec2ab8c7698d46a1f63950cb901f166e6101e65651f3026d50c7ce19e298fa3225fb84a20582528b7797b8448 |