Analysis Overview
SHA256
2e6524c53b1d0877baf2f954c3d5b23718a8e27ead5b48926e5f2d2f4700edd1
Threat Level: No (potentially) malicious behavior was detected
The file 91f34b0ae95bbec5e1773dba7c9c4aa9_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:28
Reported
2024-06-03 13:30
Platform
win7-20240221-en
Max time kernel
117s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3035b7f6b9b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c70769d3df0c4f47a1a36d4c0dfff85c00000000020000000000106600000001000020000000b7c85d3d915d90c59785ab14466fb6d545bfa66eb7be49ac83f46ada0e347bd3000000000e800000000200002000000058634d97b31ebf044253c137fc954e00dd3d3f86f5fbf639372f56ad17ad95e72000000002923201d6b0d05e2b73f7244fcdef7ba5081a2275e3fe9782d805aa57f096324000000003215060d34b324b1783c87985f77ac7447608704b2bbf98d74bd7c551f8b1c0d7c1243d730e7fa9ff72a29698559dd4310e16f5a5f3afcc353ad7c694525cd8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2142F5F1-21AD-11EF-A692-6A83D32C515E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583163" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3036 wrote to memory of 2124 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3036 wrote to memory of 2124 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3036 wrote to memory of 2124 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3036 wrote to memory of 2124 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f34b0ae95bbec5e1773dba7c9c4aa9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab85C6.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar86E6.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71879542859a76fa2e588fbc599659d4 |
| SHA1 | 9ec5496aef7f9dd335725fc5b9069442b81910de |
| SHA256 | f6fd5dc3ed3276cefad91ac0cf1babee4fb5d85982d9382c8eafa5b58dab90e3 |
| SHA512 | 70548c4f917a1b740fd9971c144da83cc4eb636c756c9bb55a4cc5777f8f3da8150206580c6bcd0fb5a7092f6bf3558c361c2ab9dcc14ea73777487e346e62e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 966cc78edfb09ad34b8cfe14f7560ca2 |
| SHA1 | a784f52fb380e01e72aef0ae25de6b7ff19783d4 |
| SHA256 | 6f23f3b63c1c0c71ec56ee3eac44ad915bdebeb51de71a188155b27c06d973da |
| SHA512 | 2d1e38fa5995753196fcf0421249193d9f0772915185aa6b29311840f599b613fe93bc1ec3126afb33c6d1d726b955e0c78e4ec69e341f5c08243c975173b422 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 412f5daf2d122fe9ecfeb3c4ab4036be |
| SHA1 | 9b65b8b84d9adb13c1b3bda9fe4d272f5077fb1e |
| SHA256 | dc60046f19bd7c91118d0d73ad46d4f36078dd8ded9f585f719cd4ce9abddb0f |
| SHA512 | 18d36c3af7b0ab9f74a32aea017b264cba2ccda553f0f7d323c03e8703d7851bf4dfebd8bfe68f8878bbf5c9600cae158f021c8571a422f0a7e891b78e2b9416 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb3d7b572bf9340f304f3b7db8dce75a |
| SHA1 | c33f19080a15759915125d6bec124cd3cea4c57a |
| SHA256 | c3741888cdc70c9bf4850af4f185dbb9c8fe58fbb7daad9c81692968edf1a5ec |
| SHA512 | 377c0d04f4732bf80a24debb9c293390b8a6d1096285b0a17ad8df3d6fcc9fb2889cc956734990f0eb9a263390169465da1c5f216cf0cac29d5cef6dcd8acf26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f8dfa3d35dc15d54b354e0f8dcfbd9e |
| SHA1 | 254e3fa608a0fd72d96eddd8391676a88f2f2cb5 |
| SHA256 | e6b52b09dcb8efab08f647f9ff675236a678a11274d765722d98bb2bd1e00e7c |
| SHA512 | 055effec53e1c7d803dd4f6de80e834e0068f7d0b7c5fe4ec77bceba3b046a48ebe2a2531872673c888e4873111e6a4f05ffa3fd9612f5e5a73f950bf42d5635 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3d4dcad4b85ac6ef06ce46540b60793 |
| SHA1 | 4a456913f2819c8a7534ec6ef9e1220d59bebb54 |
| SHA256 | 088cea769f31ce14e9ec618cd9017edb386985c9d1485fcce0baccd0fc9b3c7d |
| SHA512 | 038bf8efeaecea0210ad40715ca3f0f6e833fd284aa4dfd0c83919a68d1ba81863ccff02a29076db9c53eb18a4b1e340d48360b78d6ce3c9c4847574dbe67c0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c9e2b6d9295cd3f0e544ec0cae24f94 |
| SHA1 | 0eab7ad5b5f41a4788979229c91954e107855faf |
| SHA256 | ff6a0b5c9987944e9f781481924db5a08bbc3808c050e042ff78d7e04230c717 |
| SHA512 | 95b17b21d4daeee2a9abadd1334813d57a71596b5f95b945c77baa98df3b5e89fcd5df37426d684a011a2f3929302de00946fdd533e52648270613ebb78b647b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2caa0b20ae9710dcb2932196c5fcd721 |
| SHA1 | 080615202dba03aefa5d0b8946b4f61c0e286844 |
| SHA256 | 1cff234b2e8df10006261c7cbb492ae799cf7967858885958714b19d6d93dc43 |
| SHA512 | 605ae92c541a703e165ab92061972088c8ecf486b3922c5435b91c5905e4428fd3139675ca51269f962dd99f53b4440ff320366528127ef132c4c0eff27872fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72f11f674277dea8039b1e5bee68fc84 |
| SHA1 | eab6d9ca745d9a73f92c5afbd5c7994f9432a842 |
| SHA256 | 259ac7ece05a7a7fe1280d98991fb5177ca5e388aed3d0812e154c811232ce17 |
| SHA512 | cc79be9b89681bf93c73c5cc4764d7c7f52f7e2e23bcffe633be10b9bd98d5fcf95e518cd165cc05591e41d08ef47385c86d1a9077d328b0721d90d4a87f4f90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0330789e5b1e6e8a6a0cebfc0cb23925 |
| SHA1 | b77f657f6f1237856026e46acbb59f2a6013889a |
| SHA256 | fed736be6282a28d1ce9b1d34cf8425ef9a6b870345cf19430a1e9a95eb7229a |
| SHA512 | ba985ccb7a1ffe0d221d096cc6150137f85824a64957c0b3864036112c8739788d86b90655d7d7f2f3734f258e9911c13e01174ba35ed1fda703ed490804ec37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7d248c98819d31eb5e041fb48ec5c84 |
| SHA1 | afa6c6cdaaea9e48555c5b2ec9208a96021e3e8c |
| SHA256 | 3be8eba5db655912dda74fa865f81f00da10c45f9ae43c261f4738673af45b5e |
| SHA512 | a7af11aaaa2cb18c4144e6fd4cdef3fde0354d9f9a4d56fbb9577315c53295de6cc30f050a743b4226a7b27fe5b9b6ff790a62c4ce6014704fde2e6078e4e737 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 632cdc9c78ddfd4661a5471f97240681 |
| SHA1 | dae3162815f998aa1f05194c40e78029ea02e20b |
| SHA256 | 5321aa816f7d46dc12a3f2171839fea986615b8eaacdcbf5c42baedb569f409e |
| SHA512 | be5c7352dcbce0ba529eda625fa87c9d81133ed8ad4cb5dfeb57678e05d6b0457773032f0e9bd17b0b53c9d81cbb3c823a9df93678ff0669ac8c6b5a9b1dc212 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3de6fd04552dfb7f09adc3d3aea9ef5e |
| SHA1 | 7682a629f91aa3bac786e10323e25ca4a05fb270 |
| SHA256 | e0ee8b9e8016fdb2fa06c1b333f7d635e79e76cb25f06c3c8e2697158072c353 |
| SHA512 | db6817eddf103fd46fe2249a3eddfd1e98db8564a63c7a6a9294494f9ee42c98ffe90b2b05142eb6b8f9ad3bc63db46d37f92cd27e920c52a23df38bc44fd99a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4b1f2d9b8be17159c6fad6cfddfe08b |
| SHA1 | a0debbfa4f2da5020e4cd2b1446d42fafa25c1fa |
| SHA256 | 63afcc8b372f27d0c25b992d67b329c8c66134a344a6d27d1ba4d9bc5a2a04bb |
| SHA512 | fb34dc4387360e9bee83ba2e4dc60926687afe0666dc9e555073d6c91c3e1120a52c47b5b5d19334aa1fbb6d5897057daddd8bcad16cf851417ae6bedb229379 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56aa567664ef3353ab16e7a7d69d28c2 |
| SHA1 | ea367bd2242c7c18c99b7d0eb75ffa3531f44ccb |
| SHA256 | fb454c3f105a8c2d0b68682a3939172ce2fd543fe888a01e8ce9c9289df0f6bf |
| SHA512 | c199f3a50e789137b2c9bbc47f00c9dfeefd5d25b3d579cb42eebbb42fef7aa8fa272459b8362b8fa4458532242f01b6234df531bceacd28af23148bbe9ed058 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3b54cebea8d2cce537624f8fe136bf4 |
| SHA1 | a04950e42690dcd64d32b4d2ba1720fe284b3c64 |
| SHA256 | 338e3cabdd142069a738da5a08dc2423dcf7512b1c0d867a6b9c00b5bd5da730 |
| SHA512 | a5b6f11665a08c6a74a3e6716dc8fc66098cfa3f4d5041bcb891ca37918ecdfb584494cc15e6cd13827bc17190a039d800cdb8696e349f105728de7401a94fd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2b0bc152fb31b7a077ba0bdde3a2d46 |
| SHA1 | 76e84dd95fec4c604d468eba870a4740b2fb0300 |
| SHA256 | 72997e205e66d4dba14321d9b1620999f5a9ba14bea07a6e1f179669dfa26e0d |
| SHA512 | ccf01a4e3f597416a2acef734570d2c11476cfe37694fb963c9b163a1a279b2f7371c79995720c4c00ee47c84357d50f84978e67da6b02a62c7411a366b5ea06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3450c3520e4e082dd5d439df4e5389d5 |
| SHA1 | 4592ef7d57523f56cdfe1df386b828bdf4e18081 |
| SHA256 | d49f126c22cf0d0825ab49bbd7cdeb9b3025a7f1b12f04f52223c8d681bc8d05 |
| SHA512 | 594e2d8a450aeb33e3c45a5f83e77ea139ed7ad156a143470765335484edde7e503da47d3396798bcf5527863003cfdbff42c56a51376bc75942cd4de3000838 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 900282fe3818f38eddf1989a0b266abf |
| SHA1 | eb7746a10d678de68f510a77ab47907189cf6871 |
| SHA256 | 522f6195a231b434fa15ccb5d158b28e3ff6a1c33164706b4d0f5d7db926bc3b |
| SHA512 | b6918bfec7b9daacbff2c354a528e09a268b59a79807cb956f3b1d7ffc1d2c560735694c5a435fd20c4dc2614375ec95d678344946e49244e4629473e09c2969 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22dad4c2af2044d6533f922d0df1dc3c |
| SHA1 | a2811fc17d1948bd5a0844ce07ad2856879e5f58 |
| SHA256 | 3f7345d8b4e1fddb774c7af2515c91454c1a9409468b391db0cdf73e7f8a863b |
| SHA512 | 3a5e8be6e877cb4e607e2639ba9d24e705441fc424ae942dfb5b782aa445319c2c902231f074d32982277732daaea3ee042132cdd4950658d0aa6da85ab3aeb8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:28
Reported
2024-06-03 13:30
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
126s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f34b0ae95bbec5e1773dba7c9c4aa9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf32f46f8,0x7ffbf32f4708,0x7ffbf32f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11068633292835017721,4454567842191569036,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11068633292835017721,4454567842191569036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11068633292835017721,4454567842191569036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11068633292835017721,4454567842191569036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11068633292835017721,4454567842191569036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11068633292835017721,4454567842191569036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11068633292835017721,4454567842191569036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11068633292835017721,4454567842191569036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11068633292835017721,4454567842191569036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11068633292835017721,4454567842191569036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11068633292835017721,4454567842191569036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11068633292835017721,4454567842191569036,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_3780_NGDDFWDRLDVGVGNV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f394043803a9f9d7671e352088ed5d4d |
| SHA1 | 32c04373b040b0fa201142d0df4dee1925f8c2e5 |
| SHA256 | e686a8e3e8a2f3d2ce457faf406623d8fcd9c9c9761ddf1ccec616c09d5e74cc |
| SHA512 | 17ed90382508fe4b27076afa1d4ef137d78f7a38c8bf6bb888934dd9005b3c8d83e73f5e85b6725cf5cdc2d9ae416e1bca2a2da46332f8ace0043fd5637fc66e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6ec606f8a1d891793ea0fd8a90c5331a |
| SHA1 | e28387e0eabd74375107247a2c6c4ce2d10e11ab |
| SHA256 | 0f650bd14984ed8a268036d701b489c194e46f6c45c8083907524107ff12ebc2 |
| SHA512 | a2fca3ebeb5a05c4a93f2a8d2468a7b7f231102ddba10710b9a0abb523caeb43d8b6c735b7d1ff5ad9d7d33378081ad8511f6f7d81114373333bc5e297b6bb52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2ec17b6c152997e72b4ec5ea57af7437 |
| SHA1 | d2e77c58b52d46853418c25cf798f49b9bd58068 |
| SHA256 | 58894854ec6a661fb9f4fa01249010e9976f2ff90be389d8fe65136c897fe36a |
| SHA512 | bd810a92341d6c99f813c8b41c5233c03f3efee99d161d893a24573b0433c10b86f6ab836f0521cc5745baf9319b36f36e72f061c64190e48588e9f34321db98 |