Analysis Overview
SHA256
39e3e0843fdcea8411e315fd0b783ed52b320092b5cc8d5ad5051585d2c849ce
Threat Level: No (potentially) malicious behavior was detected
The file 91ef1952a24e344e1b5e79b62c494911_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:21
Reported
2024-06-03 13:23
Platform
win7-20240221-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004dd34736b82a9840abed7b5693a97d7f00000000020000000000106600000001000020000000a65bd9a2ebbdbca8e996c9af75c1b7c24422ea08583f28cb90bd8daa1d162ea4000000000e8000000002000020000000d0990f306f70c3be629029c66f71b009b5b6e125d8846e68d124bdaa9d12f43590000000ef0d16171713804071e2bd54f4c1a4123249ddb7ef16734ad2f1a22bc1a265108bd4b43b02f52880d030d2f44856116eb16a9a0162b575b2053665534369dbe9f829c7c846eb6bd22fbea062b22a633a746f39e38eb2040d0a4e79dba1e0cb68467fb3733747767ceb1b9a52b14f3076924b1d456436368b309ec25dc2415cf09f2b6e3a350046c22e57000a65a1dccf400000006bef8f118203c37ca3e07f84552aacacd941fa47dbac0c885812057188de821615a9a06780a48de1cb90ee5be6de340dfa709bd0173601a4c05d0d01ac3a2a7f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 309439fdb8b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2493DB81-21AC-11EF-AB14-E299A69EE862} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004dd34736b82a9840abed7b5693a97d7f000000000200000000001066000000010000200000003a6d6185b1a5b41733eb1a871e6daec3a5b5357632cff5dc615d1c35e1eb08e4000000000e800000000200002000000082b64f1ff41268d64de335e99de911981b9706978ae46d70e0575e0741c34fd9200000007759c8c5c2660eb5b1fe5167ba126228c502fe347d10928ba8068e68fcdf7a53400000002c5005fae9805a292a14aba31bcad665e51013f682f8647ae06c8872fba402f9bf517e39d3623e2fa889ee636236233e13f1b92dfab1b895bc1e525c9eb1f6b2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582738" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1976 wrote to memory of 2344 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1976 wrote to memory of 2344 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1976 wrote to memory of 2344 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1976 wrote to memory of 2344 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ef1952a24e344e1b5e79b62c494911_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4260.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4332.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc8b131ac672931f6a0aa92dabd638c2 |
| SHA1 | 3bc7b1d056f0f569e4d004bbb582150f7f8672e4 |
| SHA256 | f432f7b89acd92905a1b87421f54cd05481683941da269e5a1333eab782e8e91 |
| SHA512 | af31a414eea833f049df3eac1a8d851b007cc1e7b02dc5218f127926ecad1c2632237e992eb9455a9074f413a34cfcc3c7c2134114a454caaf5a1a80a9e4a9f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4279060662caf8142fc1bd8e7f835ee8 |
| SHA1 | cd469b8a4c039d082122e1bc13a40204022dad1b |
| SHA256 | 49cca0038b77a7348c473a2b0221cd81f7ad665404921d2bf241efcd4dd65bd7 |
| SHA512 | 7d9f4cd01cdf572ca4b8724a2b743745346663562e627afb738df4efc891c53d5ae50c02dc6e4caec0a302ea317c3ed6c58257a2f095379e03ce205b677a849a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b95bc6c7ce9cc1246f59ec4bca6cc54 |
| SHA1 | 3abca02dd70bc64e713ab4ce7916c2b1d73f3fee |
| SHA256 | f0e3eac02ddfd44e7fd5acb972bf54e0c7d56c8711e1f2bb642eff5580293cff |
| SHA512 | 75cede179a8cd212c51d1bc2505e7eeb276791c93cdd7b58798ca3902348c4896b1dcc4e057538b23b3f48e27a3c2875d2c8c38cdd8029906dc579229c1338c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a5890dd7d1e806c0dce4e9b55e80177 |
| SHA1 | 573b5dca921c3873d773619c7c032b7efeea07d3 |
| SHA256 | 0443440886e5de4ee367572c1e406305ee99933f37d87321b0f614177d4dd8f3 |
| SHA512 | 272540dd999c824daf3a5938982ec88feb07efce96ee54e476bc51e0f79f9c1781b3c0835b437674aaecd5195602e0a17170c267ce0fe358b440fe19c866083c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 069aaacc3362384f3d490238ba14114b |
| SHA1 | 101ad4f615e3e727cba861da811844060531a14a |
| SHA256 | 4689367ce015665cc2b805633c6e3d0487877e015c0de7f49ba5230ca98aff13 |
| SHA512 | 09c06183740713180fa7923be26356f6aee23b74c44edb19299975c9de5b7039f2975826185d06a30b938b3dc6f0ff3cdab019853ffa8444276689d44f97ec72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47083e65bb49bfbe1f6144282eee8531 |
| SHA1 | 3ac72252d140cfc580b1088c219095c0dd9e3233 |
| SHA256 | f1fba0d60f5cc3f08a43738eda1c9be35ec12d1041403ffddd643fd4374542e8 |
| SHA512 | 305924ea741a3185242515ebc2b3e13270aaa7de09371560464f6848a39e92fdb04303dd06b20555b5a07019edf2ae380ffed95348ee3e0bd307816cc4ef1b8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef254c2cf50a56b25e3efa1041eba290 |
| SHA1 | da26cf0dc659649a5422180252ad57d0df3bb0c1 |
| SHA256 | 8ebcd14c0cc4685a41b7a38c022eca0ca3105ab695628b605412d776532f8939 |
| SHA512 | e8732feccf244b378ea4b16c716a47575c02ac3384e228fd1a1b213056c2405ab3daf9ef3b71ce75f3659544ccf6382611ea807f60042faf01b1e96b5e1d2d6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf9adc32955771f09574c70cfaee2095 |
| SHA1 | 50888ec05d3c76e374369773582b5f1631fb1f67 |
| SHA256 | 9728c6181e6c656e5e77ae3e85ccb1c0c03bcc926727647010c2df6ce3f95017 |
| SHA512 | f2b18bafd63b600b795d23b6b8f45f5c875e95f0619a9fe68974f069f045eb60b54f2b7c73da126ffac1c9f097ceb932bcd08263e192bda019172d3be0864170 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e826add13aaeae014a3f4d4295293a6f |
| SHA1 | 08e4798ef9118ae7aa86459e2d8b5b9686401d4b |
| SHA256 | 9a55abd172fb93c281de861317829ecdced63f4dcb6273abb6f8be053611580b |
| SHA512 | 64005749e252b505b492d19436b96aa4786df20b6a4aba479d6a65e5fe860a28b4cae3989391c35d24b41d6feafba55b52b1e71a88929f5bab023ec87b420807 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95a05c7118365cca0a6bf8ddd959faf1 |
| SHA1 | 1c4d82c7b8c46418fc7f4ce38fe66c50e6d30f7d |
| SHA256 | 0c345c9e79b05ceb2f7f09fb13e226afc93f36fe7534c19d792c107364269102 |
| SHA512 | 933bbf4bcef7862b1a2621331dd14d9067dd49e60e10fc33e5e17571e9f00ca50916665f267e9658034bb004c8eebf64063eff3217e1812794ec6af12434a3ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 364537d419276c30882956f6c8ff89e1 |
| SHA1 | 4cc78521dff5dc0604331b6b8dcd7e10ee8fe98f |
| SHA256 | 4257d2251854f410e968e45b2e13ea539759e5c1e236bef2e87af820847264ac |
| SHA512 | 65db8fbd5914475d68aeed6c13a72e3fb0db28c1f72c59105511facf1c3a1ec79e90a02561f9cf6dd02d2c63483a4b8bf8f0298f53d6586ca9dc53d3770c4d17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea71e200b185c50d74b72fefe0984c73 |
| SHA1 | dc65f18eab8fa8d411779bfe4e8491c837bc769e |
| SHA256 | 84dfd7d1ebab68eb49d9edea9eec49ebb905b58db9784c82e86024d3f337344d |
| SHA512 | 4e6477c2063cc4f805781ff3a6bf6ed4497d404d98bd4620247c7f3724cc99c56192dcd7efe2b71077dd5dae2b35b2e4677ea8d0d12a6c6053a8c02d7c410d7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10e178b21aab2867d36d704ee9c51e4c |
| SHA1 | 70636f4e7c767ae9c1951bd77f0322948be04d8a |
| SHA256 | 07ad464f322478299870be34f4437221bbdb63541e929b4a808d104784f9ea37 |
| SHA512 | 57ec3611102ded8226ffa6198f9d6efd42fdb1644f927fc30e6ef077c047ba858f26bd81d080d7940187940cf8a5b6990a1ed6a46527e5a654889c5cafd2e0fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4dc77761453eaffce1dc66af0ea3a019 |
| SHA1 | 0f9f9f4cf68afb004af6474ea1736ee4f30aeeec |
| SHA256 | d85164f44388718529146a3d80042ed6121b908dd9fc893492a90c27ee5672d2 |
| SHA512 | e621bffce49dddb47806694b5c33b808d22f022c70e401f925e4fa49dd89cd4d0a26535274b9783691ca2eb6c5e485be151b0a6557fdd5062be402032ee77ed9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da0a21a98a7df23cc8eac10f8228ef2f |
| SHA1 | 4f0f87c14f0a91ec366c88a68503381446c46fee |
| SHA256 | 57afb91975dabf8588f31fab5aeb4acc137bca786b38e4787eedb051774b6194 |
| SHA512 | 4cb2a8057738f7fae12ea5539aa8f443bd818ffa999543f2815bc914932078085393f2e303b71012f97aea0523971bd73be4384c1c190dba53f6124ce9b1f85d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecbef0609589a48e58d701f4bb16acc5 |
| SHA1 | a8ba712c4d785445d734e86ac2bf1ffb4590d0ac |
| SHA256 | 9bb9685c9f201a330a8cbfcdcf31b7ebe5346c2bd3aa02b0467d7ed86131086b |
| SHA512 | cbd923d419d33c548c413f35af6212aaafaf67e7147c93fc7ef62a968b9646b69eb1b5a3416bca27e515f4850922a30da5732cae176b1c52bb9bf0c9869bbd83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ded99dd9b5170d102a761b5b1ca00bd8 |
| SHA1 | 6b1b1f21898191a89d12abad9222af42936b5737 |
| SHA256 | 300f21282fb53ba6afa9b66eb89ade7ab50728dd7f6b4c496e811ad222317fd8 |
| SHA512 | 9e4d32bd4abc3b6971f2a42bdbcd4b455e0de6edd62ff6c13944fdadb696c9fcf5ff612ebe19acf11c64b6687aad3145d8c309698ae023aee9c05a2d9eeb8038 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97388084e525f1c6cdb9cee7fa2c5076 |
| SHA1 | e9e9cd2863153033802466832a43540d3448553c |
| SHA256 | ce40c41ec351d6a81c1a80ddf12d2b417d55d17336abc07fe7f21b7c6c7fedb9 |
| SHA512 | 28254e896e157389c42ff8f93943a22171deedf2ed8e7d5cc73e8f395892955ccb4757fcc61594b06365455e269bdc6605da80c286672aae307732c6a60124a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4903d9e374dc191df5f3b5daf153434f |
| SHA1 | 46751ec685f01fb93e0ae37d2dfcd7a0d4b5a598 |
| SHA256 | 339c818f8229e424461fd58533804a44dc57a1e57d21cd5d41b19fd9fd0ee412 |
| SHA512 | 8404eeab05d7ff5fc234e9d63fec5a2976f3c68706a382a96453cd0f3aaf4b0a3caeb83160cdf0bda5196eb4c19163ba9d766182abfe20a68e84c00c702c0086 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:21
Reported
2024-06-03 13:23
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ef1952a24e344e1b5e79b62c494911_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa088046f8,0x7ffa08804708,0x7ffa08804718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7020488959622518165,1171985941916509670,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7020488959622518165,1171985941916509670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7020488959622518165,1171985941916509670,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7020488959622518165,1171985941916509670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7020488959622518165,1171985941916509670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7020488959622518165,1171985941916509670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7020488959622518165,1171985941916509670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7020488959622518165,1171985941916509670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7020488959622518165,1171985941916509670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7020488959622518165,1171985941916509670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7020488959622518165,1171985941916509670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7020488959622518165,1171985941916509670,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.80.50.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
\??\pipe\LOCAL\crashpad_908_UXXICYINRWBMRVLX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c069e9d4-dd8e-443e-bbbd-2ac65e630212.tmp
| MD5 | 11c08b5172384bd81fe2fdededb697b5 |
| SHA1 | af74305380dfe35c7d2d193998a3e90e30d129ec |
| SHA256 | ff1c4318c117ee885710dfc1be3afa294c7e0c3244020901804a598d52f9d8d5 |
| SHA512 | 9b2738a1baf638ccd8acff2c49be98d2f954919d9eb892b441d099097df60a6b865babf8b72a5ded22af54faeb824ec11bbecd3b8477d1f98ec2ef4f7ef7e554 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e134d2cb4d4076747d0ce7c38ec8381a |
| SHA1 | 21f09109bca435ed1024379d44d454c83ade3456 |
| SHA256 | ae74a08cdef264cb51fc469e860820799ca6c6a8396cf5e73e93ac99bcea2864 |
| SHA512 | c306ba6098044767e5d2ad137d6aa10f5dcc36fd80e6f6e0e12ef48eddfe7cdbd7b925d0af9adc86b200a937115b26ae389b9316815e42bd64793d017b03eb31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9261aae9a29cb0147032a96588d7f422 |
| SHA1 | e677ca0910bb4148f7cf8288192ba13ae4991dd0 |
| SHA256 | 9d295931870781e9481a8cd49bff131cfab4a4d91185585de2c4fc98199bb06d |
| SHA512 | 4dbdd4f4bdda256cf0e876f8e7395106f376aa37b468eb85683944133fd2cf836ceeebfaa8b80453a3fcb4599ae00af6b5cf4b028827966efd940274182b57d3 |