Analysis Overview
SHA256
3ab658509f1b098614b54b451d61cee0f4059363f33cca6ad6c652e31efe3a9b
Threat Level: No (potentially) malicious behavior was detected
Verdict for 91ebf8db489978b7e79fa7e7f758d106_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:17
Reported
2024-06-03 13:20
Platform
win7-20240419-en
Max time kernel
135s
Max time network
131s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5054e675b8b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000014d855db1a80fd146b2174ca29feed585f4b6daae11919c79197a7862ca657fb000000000e8000000002000020000000ef39e197be76059fe072ae7faf41da6ba884fd9c6a1469c95491f4b5ea9637332000000041ae9bdd1e2ef43ce9579e81f505a6ab53c5c870ec31a82252411c32d09cd5bb40000000a4479c1dbb199034a6b78d68ffc8f17c4d6bc4383af9620284947ccd13148eedc4019e67ef636b94f83e10550ba83d6e4f6b4832ce243e8c9b8d38bb00d56ea6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582518" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000063a20f09e9bdddf47819711206c2035538688f19a7b77d7f514746730f8c26c2000000000e8000000002000020000000a139fa500a929c458d1b7dd329b872582917d46bacad65b5d35e28333f928bfc900000005efb3b0d0fff209c02ede213b993c402405a550dc97d3f4d2fdeede9a37c853e8a93db4862948345554ad8893f2f2691f06f0df0bd844c2af7151f99461640958697a5e64794e86e1ab2f42bb3d1194a6845b7995554149f4096414939d64984c50453f517bf53962d50b603d0241aa2d913eedf616c06f69d0cdca12999d0f4fca21517f85f581234fceabcad68aafc400000008e2288504300d68b2c4afd13264ac195d9f6a692bf0822c4f567404aeffe607f8a5aa73013a4337d0d86080fb41f0b17c990f855a290826f77abc5c5d4dd66f7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A13A56B1-21AB-11EF-88D8-5E50367223A7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1516 wrote to memory of 2320 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1516 wrote to memory of 2320 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1516 wrote to memory of 2320 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1516 wrote to memory of 2320 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ebf8db489978b7e79fa7e7f758d106_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1516 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:17
Reported
2024-06-03 13:19
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
129s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ebf8db489978b7e79fa7e7f758d106_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9950598724607234002,8772256066004481706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,9950598724607234002,8772256066004481706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,9950598724607234002,8772256066004481706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9950598724607234002,8772256066004481706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9950598724607234002,8772256066004481706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9950598724607234002,8772256066004481706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9950598724607234002,8772256066004481706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9950598724607234002,8772256066004481706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9950598724607234002,8772256066004481706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9950598724607234002,8772256066004481706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9950598724607234002,8772256066004481706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9950598724607234002,8772256066004481706,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5636 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
Files