Analysis Overview
SHA256
a97fe2096f69ae7320e5557d83660842129e403425f814951dbd20dfe3357f21
Threat Level: No (potentially) malicious behavior was detected
The file 91f1cbd299efd0f712bdff938b96d626_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:25
Reported
2024-06-03 13:28
Platform
win7-20240221-en
Max time kernel
136s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f52ca4bb0949c34f8c8d5b3c5820a2c9000000000200000000001066000000010000200000005d91486290cace6e283e910f25a2c452c72536e122e619c4e8709b77f86bce01000000000e800000000200002000000003199336eb01b9895407d442ad71e3536015627a8c2eb3d821366d11b1d8751120000000368c5d46d840205e2323a1bae6d5aa167a076327cf7d140c76975d1cd2d2401a40000000e967af9128e9a4717b8a7a9424141b913e9d7bbb6a0655cd98fd588c50b7a2ed294923b47cf4b6ca66bbdf93ca3d8c76aa0959e042ad9b9bc91f53a617e02229 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583016" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f015569eb9b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f52ca4bb0949c34f8c8d5b3c5820a2c9000000000200000000001066000000010000200000004bce9559e9e0a5366febb2008bb18469001f7209553137e15ad18705e48f8dbf000000000e80000000020000200000000cd58b4f07c6e42f608a2e66ae157bf432cb84b714472ad3ace3970a21c6b488900000001a05489f7a11d87713ce3b5809ff173d03d439134580a5b28bb88cd2ffdad9ca17f01655d46a09a96f9061d7e669cf428e5004b263f53d1a0bd14fb58797ffc0d02743444b8740a8b3cd56bbd2e9f2bacda53f8f4849f19bb48c47249d0a42b27125deb486d59276a43fa76fd1a7ebb6276daa877866e08c6cd9e591b8f1016d57624e88dc8806b3494eb7f718d790ed4000000082bf0cdc57baab9496b2d5f6a8b97db0f5d36d91be7525a928c3712e03f997fbd4f71b99fb12b74edb99e3a82da07f5cf4174547f495fd0a6d27c3b4eb586e02 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C914FC71-21AC-11EF-A336-7EEA931DE775} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2184 wrote to memory of 2692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f1cbd299efd0f712bdff938b96d626_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab9CAE.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar9DCF.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92c73d1d05abc10efffcfe4d9d496d9d |
| SHA1 | 11e7f371059091d02452a54cab46a6aa168d574b |
| SHA256 | 864b9ee7be0995e36fc9ab4b9fcf1b10ad22f0bddacdfb812415ad1a1a9fae0c |
| SHA512 | 4476c2a69c16b253e037625c3b037c39e3cb90e2e795555c4463a6d5874eb516e2e83d936c6cf1bf19ec2648931268f6de9fe4c9a78e88d754a3f06446233d15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cc46f6d816f2ac984166efd3d92ba6a |
| SHA1 | 79c969fff54e5b749ea8eb5f816ee370d7f44e80 |
| SHA256 | f6b6509f1720ddc5a8d278c2c5ee954ca5fd18f6d67037b3413e424209826d6b |
| SHA512 | d79c7c87f70d0b7b36347915b576c597e8aab2560c4fcede3ac660fb41a6ae97a1e9ffacc72683bb14520fe5ab1647de1761d7e35f85c6aa357b5199bd5884c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9885c905d3523be51ba4ce347d5eb2a6 |
| SHA1 | 1e05cd905f2ee85fdac8bfb02c041d0651fcb8f6 |
| SHA256 | dd177c820028b6533a6a2305b3919dc2cb020903abbdf3d2e9b027bf87b00287 |
| SHA512 | 0abf6234d0d5a142757aa123fea7dbed2101f917cfc177a897d3dd8de74ea37dab1b14e7c834963e539ac24917b022a9427194985961b7394da931aa9bef6774 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aecaadd36ee1b5536a2e4e2be98821a5 |
| SHA1 | 4c6136927d3238c7e029ae4fe0743807f0701d78 |
| SHA256 | 5102808f7c74ecefc6d77c1812d04043cbd58b227b177d685ecfa1af140a7255 |
| SHA512 | 2cab46035259170b3fb587b8e04479762dd4fb28c05a837568c736fc0e06be1c884c6eafe9d0567395d7ad1b07c9d52fb47f6f87a09e0c5bb85f2e66dd69fb34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4883e16f311b92b1da254b5414627c7b |
| SHA1 | f389e0b489d08276e4f397174dbc148bbaa176f1 |
| SHA256 | 288856dd6935e02ca214dbfe64116ada1ec3a6141ff5bbc5a337937a6fa4fef4 |
| SHA512 | 8bb638a7badedec3a2f38422af70f3bd436fe9cfc9415d1879086f81c8bcc368b512327e83b275a469f01e29a298c0ccdb519c044e21c05af6e87fb2867e5956 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 963c4265fecac0c4e318acef4bf2a975 |
| SHA1 | 457cf11b20161e325593ff29e4a408b2064e64c5 |
| SHA256 | c9ae03097f0d44da28e4ea58bed082878303b0d75e82577cd1bd67ac59dd92b3 |
| SHA512 | e54c1c35517f1c600c551b07de513b3d62ac25b18c40427bb0e5dc77e0f53fa994f7c77928a1a35fe0bf787744165198de7179a0fa2f1df4037100d134591459 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77e9a8098b377f10aa4de430418248ac |
| SHA1 | c051e05620d4a8851d5d74169796cefa272741c4 |
| SHA256 | 190a6e835514b34e5dea3d251d3080fd411805c529b8d11d99f0ca8c40c525bd |
| SHA512 | 1520734ae3843670d865f81965b4da58a0d45fad928f55337fbe6cf08209a4c5eb9c463612ccfa8758a4444628c2d5bedc98c396ec50c43246a0a712a9616cc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3745cfba757753206de79f1df180c51 |
| SHA1 | 696e2001cae888bae05846a2db6f9a5c753a715f |
| SHA256 | a08389090305bbc78fae3f3c2217d5eea2ce4228200204cebd42f50c1506a0f5 |
| SHA512 | 83ad0993bb98266390783a979756304cad3e3d5101b8fef1dd65b54d3e2a62ea8f44c295e6131caf4f2f253885b5be1219ef40feb82805aff66517eeecadd889 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d131864700a7af855a7d044bbbc25d15 |
| SHA1 | 1d8a263c6a3976409fd553cc49399a62c8fb025d |
| SHA256 | 6a9d4992f3ea3f7e7def3f4576a3a1f11345abab63d730970b63a61a14418e25 |
| SHA512 | 04eaa23209eb48485f400081e4cde8cb7aaf67ec1531cef851620c8251306c7dbac7b2b45fe7b90cea0e0b643b47f9a4b1eea9ff3c99360557ac55cc0f21a76e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 081982fb765a09953d215e445cf534ad |
| SHA1 | cd2576d096ff7ce73fa2147529d78f7b9777fb2c |
| SHA256 | d5a30b9bd9b09c8d8a2a08159f6c3cba38d83e460d316392ca2bf1cddbca00df |
| SHA512 | 5c7609cf341d97e3630d82b6d1cb8f5acd3459fdc8a7e5baaf7b55a3950a53af418e25db7c6b7e94697e44b3244ee14e7e9d209c0131b9fdfd7d373abb7f59aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd07149bbda00980705a49f82ab41359 |
| SHA1 | 36569c4f02e45ff43d7c58c7c401067ba0e351ae |
| SHA256 | 469b82d63c247b76e565d5acbb03227486173a5c5e67e2c400ada8fcb3a303dc |
| SHA512 | 6bcd6e9267f53464f265626ea573e02ee84c34e3ab2d12fafb8f9a2979d2a7bbdeec912e81377741397d9a16b689736d2d135d1d4ea04c78e0b82fe1d80ce9e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93a411374adb4dd18ae12d55cd9f87e6 |
| SHA1 | 803b10895b23fbdae843c980a3ad3221f957cb75 |
| SHA256 | b2dfc0ec6380050c6fabf1aef7711d5f1be5d7a1aac5aafdd4bc827ee7b24102 |
| SHA512 | 7c7e1c9837aa93e749db38b217d3dfa1ad428253c06f935f0601ec06671bccddb82bf7511617f5228281b8bb3796f8944c06a8d4da05b102ec6dd1f57aedd7cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46cff25f7106cf9e72fc8ce684413958 |
| SHA1 | 63b4a57e74270cee2417c9115c0f0f5615191545 |
| SHA256 | 2937285cd1bbb71450e93cad3acb4807032ade00de3a54165ff77d70290a186e |
| SHA512 | 845c2d242636ba9e39d298d4e73d661ce06d2a531b3518332ab6d67d2aabf8c73d394a7e5d8bb770251f9b02c0055f2d1996ae263b0f7f995b229180fdd3dcb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58b3c09ec456a4b98d2ff47d912ff6d5 |
| SHA1 | ec26809cd538df36acb879a655ae34c572607f9d |
| SHA256 | 86c0daf69bf81c2596a4034959e0046ef6bd21e0b9f3ccafa7d9d1b45093b382 |
| SHA512 | dfa98ba05baa569174fe401e63590c87e8f8958ffd8052d06dbd1fd3fd3eb51f0491f44bac08b7fe6592568c4637b71062900f4ed2becd21efac5b2d7dfc59b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce9e4f81ca251fc6a70afd86397156a8 |
| SHA1 | f95b5ce89564247a568e0a539f5cfdec53666772 |
| SHA256 | a18bd71151776a587914f3ec8c193a91d0fe2ca7ccc87c4a30ca40e5c1f99870 |
| SHA512 | 55d140de9b528889adb859459dfe8c7cee77d329008a510d42113920bde36f0f03d659a6276307d571c943171c0cf9a747d23d11d19b77a1f02a182d34ede5ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71d6e9c97f548a0094df20f3c996e7c4 |
| SHA1 | 5efd07750715b4a855548ffa182e1461c0212bf7 |
| SHA256 | ac1951a2c0d81f2645ecb48c6041cb6fc438f53b4970064882597d81952aea3a |
| SHA512 | 76b4ec2600790337f44ffb4c750b9d961f9860aca4745ab88ae9d40e894aa6f2c0b50d9108ca71250c3ff5fe6634cdfba2cfe8e0ef493ce763d7fc1c20ef7f81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ced3c011af1d172e7dd52b154f2072d4 |
| SHA1 | 58147575da8737f19219c63ab325fe23e5ba667d |
| SHA256 | 5a1885a3895ad749faab85c87d5b0f56186cd87218355683b3828327d6d3a4af |
| SHA512 | a68e56c50e8b27def405f7df382b941e013741242a9d887d44fb92203709cc65f3fa34325a8dc9e33aa64716a84b3456a2b6b45f5dd1e2c9ecfc924d19bffdcd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec22675bed1beb673dcce50676428520 |
| SHA1 | 842804218ab7f0779e6b20e902fd21e6484ce78a |
| SHA256 | 046f6327d4c1ba7eebdee4b4c98eca1c831927178617ac2a0d8f4c4e5d095ade |
| SHA512 | 8b35c520d4262245fecaa0ebad1fa3d8cb5166c1c404867fde794fb6ca58902109a3fe3d9ef31b286819f452a5540eaeac82fb97c6d09e606ee97e13e9e4f2ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a80b211c946d27672912fa5077623ea |
| SHA1 | ac909c5b67a0253277a6c63c803997add853c78e |
| SHA256 | 22b9fb937031748a484ff0e68c7aed76e7e3e014bd5a7875f93494cc78b6c896 |
| SHA512 | 3b7bcd2a0fd22af403e4a395db6d83a67bc1de3917b9c07ffed65a789f8217038bf228cccaee43ac51447400b26925135df8bff775d5873b4affe384d5c24b14 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:25
Reported
2024-06-03 13:28
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f1cbd299efd0f712bdff938b96d626_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe730346f8,0x7ffe73034708,0x7ffe73034718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4457638308936868541,14597665411115561998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,4457638308936868541,14597665411115561998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,4457638308936868541,14597665411115561998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4457638308936868541,14597665411115561998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4457638308936868541,14597665411115561998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4457638308936868541,14597665411115561998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4457638308936868541,14597665411115561998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4457638308936868541,14597665411115561998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4457638308936868541,14597665411115561998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4457638308936868541,14597665411115561998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4457638308936868541,14597665411115561998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4457638308936868541,14597665411115561998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
\??\pipe\LOCAL\crashpad_3588_BCHHIABMJLOTTZEC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 090329dffa36ccf5867d0caa36e6ad18 |
| SHA1 | 1b4773eeb362fe9c06b4d56950983720ab28aab3 |
| SHA256 | 890d7a621442d1c5263a1e6af71d1fecc8e38404db9f8ff0301c01362a7afa50 |
| SHA512 | d217bd5fef2c0d55cf73cc6ff2b96929cba3823fc6e7c2fed955ce322ad438d1ced2f1071fc9b110f9fdda9b99c012392306ada6ff089076b2e035b394cb13db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cea3d6c2608e3de4286a972002dde6b0 |
| SHA1 | 142d9f1e4641ecbbad60a90cdc6e18a816fa069a |
| SHA256 | 2fa027ac558a39ddfd1ed899141523dea6c22d3f4b285146274947007f620bf1 |
| SHA512 | d9498cfc79e9ed7cfd76bfc021b46c3ee79b166d877bed75c9f825d52a1b134f6815b3dc30d33979925d05b78c38cee48be1f9e346562824f4ce8e2a88dd8036 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7325f3633724dfda83322b82e6aa8a70 |
| SHA1 | 366b8597bd601a8d6a2a2fefd7c907b8db2e6fab |
| SHA256 | 3ca29ec458a70c01503e1c5bf5c6285cf5746027118d74b9abb49f50a8824eec |
| SHA512 | b2f8bb83256dc1a604c1103207aeab0bf506975da31924b9dfcb266e8c7a2b30aafda11a5b9f7bf5468b5cb22fbeccf18e9c30936d1a076a760cf0f7b23502e8 |