Analysis Overview
SHA256
04aa2be7b76ea144c61daf40dee8417d24c535a5a0a19e578c77195fbb54ed8d
Threat Level: No (potentially) malicious behavior was detected
The file 91fac518ea3acd0381924e0b8908ff3a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:37
Reported
2024-06-03 13:40
Platform
win7-20240221-en
Max time kernel
136s
Max time network
154s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7B070B21-21AE-11EF-AFF6-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583743" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c5a1adea27348b47a7deb0df962804940000000002000000000010660000000100002000000081b7dfe3d4e232f2e3eed1301fa08de9bdf93d2dd2ccd7eb6c43f2e61cda5f2a000000000e8000000002000020000000a97d5c654307250a25471fc9e9348308a24e1de805796862f0b68e1f5c8d32162000000078bbe60ebaace2f3e7d9a1135cbf46861a90cc7c418cdc595a375756078bcb4540000000c9d783d29d34772eecc3ff176df9497702284c6f2b0f8110a2d29925cdbb323f34a59bca7a036359e0efa098f59681d78db8fe90df0b9ed535a78a1e1ca3bd33 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 506b6352bbb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2312 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2312 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2312 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2312 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91fac518ea3acd0381924e0b8908ff3a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | lkphuonglinh.com | udp |
| US | 8.8.8.8:53 | fidelio.home.pl | udp |
| PL | 188.128.132.14:80 | fidelio.home.pl | tcp |
| PL | 188.128.132.14:80 | fidelio.home.pl | tcp |
| US | 8.8.8.8:53 | cdn.ywxi.net | udp |
| US | 8.8.8.8:53 | hoangluyen.com | udp |
| FR | 18.155.129.28:80 | cdn.ywxi.net | tcp |
| FR | 18.155.129.28:80 | cdn.ywxi.net | tcp |
| VN | 103.1.238.148:443 | hoangluyen.com | tcp |
| VN | 103.1.238.148:443 | hoangluyen.com | tcp |
| VN | 103.1.238.148:443 | hoangluyen.com | tcp |
| VN | 103.1.238.148:443 | hoangluyen.com | tcp |
| VN | 103.1.238.148:443 | hoangluyen.com | tcp |
| VN | 103.1.238.148:443 | hoangluyen.com | tcp |
| VN | 103.1.238.148:443 | hoangluyen.com | tcp |
| VN | 103.1.238.148:443 | hoangluyen.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabAE7A.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\TarAF7B.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:37
Reported
2024-06-03 13:40
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
143s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91fac518ea3acd0381924e0b8908ff3a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed0d246f8,0x7ffed0d24708,0x7ffed0d24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7629766629449943662,16466084707844460038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,7629766629449943662,16466084707844460038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,7629766629449943662,16466084707844460038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7629766629449943662,16466084707844460038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7629766629449943662,16466084707844460038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7629766629449943662,16466084707844460038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7629766629449943662,16466084707844460038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7629766629449943662,16466084707844460038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7629766629449943662,16466084707844460038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7629766629449943662,16466084707844460038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7629766629449943662,16466084707844460038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7629766629449943662,16466084707844460038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lkphuonglinh.com | udp |
| US | 8.8.8.8:53 | hoangluyen.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | cdn.ywxi.net | udp |
| GB | 13.224.81.75:80 | cdn.ywxi.net | tcp |
| VN | 103.1.238.148:443 | hoangluyen.com | tcp |
| VN | 103.1.238.148:443 | hoangluyen.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.238.1.103.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_5056_GQQTVJYEZNQHOGFP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences