Analysis Overview
SHA256
49c1bcd3f1ee6ade0fed22ad6faf3d9d084605f9161a1fb98077ea29cbbfcbdb
Threat Level: No (potentially) malicious behavior was detected
The file 91faae36883efa90fb0868e9a015dade_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:37
Reported
2024-06-03 13:40
Platform
win7-20240221-en
Max time kernel
121s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab85975144ccd844afd62e0f2b75d35a00000000020000000000106600000001000020000000f1a56dd90d397b8420e6489937b87c2ef037c65c9a00f7cd919a3cc51124c149000000000e8000000002000020000000dae12df712317f95384f2b21cca215891d145d7f0519538808168f8624cc6c2820000000c24140f1919a4e6af65f3f0efeb0987156061a0530c24f95bf091bbc3e3810c140000000688b5ed951e1d82d89368348b4484a4724f84cf39b10bd00716eed1bc720db5b9e974a206082b269efe3dcf56f49cfa34bb21c1919f672f5dd4a2a2bec605079 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c005164abbb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab85975144ccd844afd62e0f2b75d35a00000000020000000000106600000001000020000000321c736dfaee18f873537b8e4c69fe72e92326fdcc85c538e109318c3b255f6c000000000e8000000002000020000000122a47c2f35ccce44dff2abdef1b3e4edf06421624f5589753efb4bc12bb9a97900000008e608100fa99614454e8323c071413e7148ffe25e9d370f5f46e0f64c87255f9cdf7b74a2f86bff5f9632735e1ca57945cbfd375a3ea00a5bcf8167dcbec127d7cafed2fa8961aca8fd1115bf11048aea16b07050ea39250680e97f501144712ca4299b401eda4e2af6d2e5065270a01576fd5e2c80d67a8ad47b26f78d89110d8f4d5fb322672de38f6bf499d2e8b3840000000402e60b557ceaa04a1c153f56473da0f69c7e0c765564ef3e12983cb0e33d523d8b77550ff4dbddc4f660dfef6e4696119d9963ec6503c6b42d3beac7b31116e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7508C5B1-21AE-11EF-9F01-52C7B7C5B073} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583733" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2764 wrote to memory of 2892 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2892 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2892 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2892 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91faae36883efa90fb0868e9a015dade_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:37
Reported
2024-06-03 13:40
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
142s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91faae36883efa90fb0868e9a015dade_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5e2e46f8,0x7ffd5e2e4708,0x7ffd5e2e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8838296054138325173,3103593965479534877,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,8838296054138325173,3103593965479534877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,8838296054138325173,3103593965479534877,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8838296054138325173,3103593965479534877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8838296054138325173,3103593965479534877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8838296054138325173,3103593965479534877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8838296054138325173,3103593965479534877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8838296054138325173,3103593965479534877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8838296054138325173,3103593965479534877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8838296054138325173,3103593965479534877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8838296054138325173,3103593965479534877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8838296054138325173,3103593965479534877,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 2.17.251.32:443 | cdn-adef.akamaized.net | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files