Analysis Overview
SHA256
aed64a90b879d5ae2b875aa8313d5f22d2715039999795d77682712d51e46e68
Threat Level: No (potentially) malicious behavior was detected
The file 9259c4bba662fa153d449d18d5baa472_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 15:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 15:56
Reported
2024-06-03 15:59
Platform
win7-20240215-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b1ac018baa508242873d35cfd3a575fb00000000020000000000106600000001000020000000380bd947ed6aa03bc28f5dcd52f050fa94eca3a00caddcbe028f584ba49fc179000000000e80000000020000200000008b39ca3af3d4334fd5f6cc0876049edd06167aad6ff5adc56c8846343529ea862000000044652c89f7b1c0f81e9c63aef507e4532bba717b60d2f8c0457373806ff0849440000000f224671ea7b045af4424f133095af487e9395a0aab772180f36b42b9390e554aacdd09e5a6d8942d21d97b58b270b6ad8fb023e06a368cb068269841904c5caa | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DA11A181-21C1-11EF-B20D-42D1C15895C4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423592062" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0f3f1ccceb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2460 wrote to memory of 2488 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2460 wrote to memory of 2488 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2460 wrote to memory of 2488 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2460 wrote to memory of 2488 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9259c4bba662fa153d449d18d5baa472_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 1960smovies.com | udp |
| US | 8.8.8.8:53 | locabilisim.com | udp |
| TR | 213.238.180.215:80 | locabilisim.com | tcp |
| TR | 213.238.180.215:80 | locabilisim.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabE86E.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarE960.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e6aded1d57b7dd7c30405aa1d3bf774 |
| SHA1 | 4070a68b16802838e0556307c9cba9a9d3b629ee |
| SHA256 | c6842f3d581490beeccbeecbc9ff81e217d60a6713fed1868c3da890e3efa316 |
| SHA512 | 6bd4222f1fcaf46a9ce3bc95a7d2178f353af9ec3101a26c90dc65fd0ab74ebfbc7dabc9c7fec838cc35b314fb24a5986a19d4fa980dbd2ffe971aa93f2d6ccc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d0290301a04d18bff9c9452dc531591 |
| SHA1 | d0c354fcc3b7752906baedd16bd0a7960297170e |
| SHA256 | 0e181b09c04d47a62c394842bc573a1b8d0618528785c0947d119735068d72e5 |
| SHA512 | e897d28f4e42e15ce931a566fb2ee576a6f4d6465f00880b557dc9819166cb347b0f26a67efdc10af0ec6497cad3d0f76665e62b44ab4411fcdf4ec2e736bbff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a66831cad404a6c1b287b882a1f3408 |
| SHA1 | 70fae4a12f4ae74a11c514021736a3fbd2a262d9 |
| SHA256 | 377e2e716f9ca07ca95062cc4abcbc0378b92c7cc7969c4d1f8674bc735df432 |
| SHA512 | a7e7dcad2fb7cda887ee6939dfac90f0ff3dc4acfd9e13fb899708744774d54b66419d70b040308134e10163c9638559b259ceca94ccf8c07a1e898afc3f3030 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 106611f0d823ff78e39492e0fbe33e2e |
| SHA1 | 0c39ec336fd254842896fda4840ffff7941ea108 |
| SHA256 | bb1fae4f1f25c19e52bb7f8a60e3f8689f99751a04b7fc2f1eb900250865be76 |
| SHA512 | de13e2825bcf37043ed9e2d3f17092c92b1278a1dc4f0afd341d5075b03667fadf2087192a45ac6709a512bf5002a40912683f46e236615b5986dcf8217dbc38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d7724168c454f7c077cb2ab1032ed99 |
| SHA1 | d31985f1e20d07aa85da464d8cf90bdf57131fdb |
| SHA256 | 2f50b52f748a882d9a9debe0eaef12b134933f8104e661d45c0e77809e5b1ed7 |
| SHA512 | d04e11299e1ef38d513fe698f42eee598afc5b381e815126c62003ac840373351c79633aedb9fd0b02b10055b3bd5132abae52c7302c1d0e2fd6e1062934010d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5524519fd1c9d173bd147057f65ee468 |
| SHA1 | 5b2a8c5f87bf29902b9f805ca830767bf1fd3409 |
| SHA256 | dc190572cdbc7a1705b83d7dbafb85347daccf02ebbd0bd5ebee289860df07ef |
| SHA512 | 04575e9f092844646101a6f087900f4a4f41c76691defe96527d0feeabb14ab4bf9a18a8e9da26ff180025e1c833b89abb7e385b0d0fb0c103185938652a5f74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f007d07301882dcb5bc2dfc3c4e72fa9 |
| SHA1 | 237e4b3568edd37ed6db247cb4f01f3035945c36 |
| SHA256 | b65241530d0ccff3ea0a6a99a2e039561a3403124f9425369569d74347181d42 |
| SHA512 | 37d57c860be275c1e2d542d27b9f58ce3c33bf479e78f687fd5ca11abd7b8062b524575d4883fc7dfa73b9d8248dc22e6624e891a1d88c153108d65cb1deb6fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6970cfcd8512f007eff1d6eb3f6b38af |
| SHA1 | 691428f3db5076b4c9de2844249b8532f3bd2c8f |
| SHA256 | 3d85d22ed0dcd3dfb048a47eaae19109f90650b5c91ab07ff961116d6e158644 |
| SHA512 | 7b1906c57acf3075e0a8cdab5867a01e11e675a53ff58ac9b6ab4e83bc2da0a36d42ec90f026cce99375073e28363abbc6b0c302ab271430191c22023e38bc2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b9670833d73a8a2b44f1733c975f397 |
| SHA1 | 87937af10bb2d56794878ad899e8972c6b642d5e |
| SHA256 | b5222d52c308fce85d19fadd4bfdccb2e56aa32160bca3f6132ac211d3b97678 |
| SHA512 | 227165aefe351a20243cc3b70fa403753153218c54ddc1e58302c08306c254a5176c504292e98bb4bdfe85f1bdbf4126b6800e8e1ef73d922adce7ea19088b80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b6479ba67220e113d7531db1b7de07a |
| SHA1 | 1ad13247c6f8688055082ebca8accb8e43b420d2 |
| SHA256 | 687fbeb950806b5d919184530cbe99dd3e0ddc0c16bc9cbadfe2169ea720ea16 |
| SHA512 | efc78bd978747259839a3407c850c78d3cc41f985b378e195eb8ff76a5dbb6bfc49f55089ea928609b22442a96e3858e353899fde13536bc2dee20616f805526 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c2fd67dfcc52f2827b7ef91a1688377 |
| SHA1 | 3ccb4aa3607909a4dda56e0be4da1a398c977c6b |
| SHA256 | fe14d0c43a77f0dae77ad5c6dd69d758948454d693d63eaade7e642fb6c7f613 |
| SHA512 | 0a81aa503fbf38b716068673ac940500b0552dc26352b6223e093fcae80b6aebaaab197be96e73f3a9e66a29424e199ca6962814d00d354c3de721f5a20f4ea5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe0a8b76a5707e46bd72d19320aff262 |
| SHA1 | 81f15a13f2ea23ef4ad8d8ebf040ce24abe6687b |
| SHA256 | 90fcd9df0a2c7bd076f9c7c7766f267a6353f9ab241b2a115f8b07d5b4187a33 |
| SHA512 | 2cc2f9237b796ebaaa7d17cc1a2b3c9b36b72b0393fc267427e055ba00b4c20c53072024100adde5392fcd370cce8eb0268c147fe17d6eda0acd89a96a6c3bca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4479b5284e88fd2e91543e9a34cca65c |
| SHA1 | 6ef139a8772866036b9a6cccd6eb95a8f6238b10 |
| SHA256 | b370a3e53f2b2369d3489643712e694b3f19703aa9e9eda86799606bf0f0089c |
| SHA512 | 380e0e7e6cea3d8d8ec6e8e95863ce59047b7cda4cd5c6ff050372db76dfef6e3a304091095c8c06f7db8b8f257a9efc00c637450301751cb3f11c6038772aa1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8903fb7f76ec2e1ed63371d6d423cfb7 |
| SHA1 | c79a4655d4cafea83a160d3450f581d9544d6532 |
| SHA256 | 131497094c55ae2772a8c5c465d8cbfb0793d78c41e49a7e782ed3d21d2548a0 |
| SHA512 | bc07554aef661587f79ad94b63593007c642d613be5531429edc9e86e21eb6e94c5fe1147e8ea0c2b0396502bd553321b3d52def97cb1b99af17097aa8075858 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb5679fd0c100f160d694b753e065ec6 |
| SHA1 | f9c2031527e8115c007f7845d0b38636d3641507 |
| SHA256 | a02eaab43fefa8d8e68e73a7b14afcff34a3d998a960073b2ebe11eea5892028 |
| SHA512 | ee3884058ebf5aabaf89351a98f8f9c945e787e21bc2ee830fdc2147391fff041d16166ae3eac072f775570e0378ecee449c04f8e128c82ef717368eda1ee406 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be4cd433970f87386944c358d6053d2e |
| SHA1 | b49904aee3ce773da14c96fb7ae7c19953e7a3e8 |
| SHA256 | ccf5511aa2f0d2a03caa61f504616cb9506168940a0844d6c80059f6f828f57a |
| SHA512 | eef67cc4f3afbd87868b075627ab3df89a4ec519d68ce57ba5757f5485e13e578891df518e5457ba936e8e83be0f0c263719f7c3b37992814fffb2a91aed399a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1288782dd578aa6f40217c2542493706 |
| SHA1 | 2ecf677231e8ba99f460ec02bcbfae13414bdc1a |
| SHA256 | 55031427e6380e195601b04abba392f473c2088979341d9a9ef9096d5aa0fb45 |
| SHA512 | 8a1d16eb5891e77c929e7e49358de8066a35e8c85020e3dc7450a9d81ff721d64ec04fb3f1d793c938208f02ff338e477c7e8ec9678e595f7cf3583d83cd8a40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c53d8cc5acfa2580328f2335259c70c |
| SHA1 | 974b41c78faaa10e2010ec7fbb14ecf64a00b506 |
| SHA256 | ada0b33250ae4bc5322caa346f8ed85a27a1d1503e5508e761ce47ae11b35344 |
| SHA512 | e3ea0de8c09d1719cb7ce588a225c0b64ad511b5956537e777f20826c57aa67c064909a7c8973bb1e63a8d236abcd7be1f1c8d7a83ba76e3cc328b9f24a7b397 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eeee57e5dae03c3449b965f24563a639 |
| SHA1 | f3950a1676cf241f2f1bdebee1513b18c69476d3 |
| SHA256 | e203c615dfd60131d1fdd5a492a35303d5e65a0fbe9893d5bc16e9d2894534fd |
| SHA512 | 432a9e1b7d899b471f2d609b5ee4df5fa4371bb513ecbc1d1aac3a96da21a45582270e1415ffdfa4f43ff58070c61f90eb02bcd8f7c11e27514190ab641e2df1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 15:56
Reported
2024-06-03 15:59
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
130s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9259c4bba662fa153d449d18d5baa472_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xdc,0x108,0x7ffe986b46f8,0x7ffe986b4708,0x7ffe986b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,760890933628743610,11036275412767731920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,760890933628743610,11036275412767731920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,760890933628743610,11036275412767731920,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,760890933628743610,11036275412767731920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,760890933628743610,11036275412767731920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,760890933628743610,11036275412767731920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,760890933628743610,11036275412767731920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,760890933628743610,11036275412767731920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,760890933628743610,11036275412767731920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,760890933628743610,11036275412767731920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,760890933628743610,11036275412767731920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,760890933628743610,11036275412767731920,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| GB | 216.58.204.74:445 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 1960smovies.com | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| GB | 216.58.204.74:139 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
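Two things an analyst wants from the tables above are easy to get wrong by eye: which of the network contacts the sample itself caused, as opposed to what a stock IE or Edge detonation contacts on its own (reverse-DNS lookups, Bing, Microsoft telemetry, Google fonts and analytics, mDNS), and whether the "Suspicious use of WriteProcessMemory" hits are the IE frame process writing into its own tab (the tab's command line names its parent via SCODEF:2460, the same PID that appears as the writer) rather than injection into a foreign process. The script below is an added example, not part of this report or of the sandbox vendor's tooling; the rows it parses are copied from the tables on this page, and the noise-suffix list and all function names are the author's assumptions.

```python
"""Triage helper for the Network and WriteProcessMemory tables of a sandbox report.

Added example; not the sandbox's own code. Sample rows are copied from the
report above. NOISE_SUFFIXES is an assumption about what a clean IE/Edge
detonation contacts by itself and should be tuned per sandbox image.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Hostnames a browser-only detonation reaches without help from the sample.
# Assumption: tune this per sandbox image.
NOISE_SUFFIXES = (
    ".in-addr.arpa",        # reverse lookups the OS does on every connection
    "microsoft.com",        # ieonline.microsoft.com (SmartScreen / IE telemetry)
    "bing.com", "bing.net", # Edge new-tab page assets
    "googleapis.com", "google-analytics.com",
)
MDNS_DEST = "224.0.0.251:5353"

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")

# Rows constructed from the report's two Network tables (subset).
NETWORK_ROWS = [
    "| Country | Destination | Domain | Proto |",
    "| US | 8.8.8.8:53 | 1960smovies.com | udp |",
    "| US | 8.8.8.8:53 | locabilisim.com | udp |",
    "| TR | 213.238.180.215:80 | locabilisim.com | tcp |",
    "| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |",
    "| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |",
    "| GB | 216.58.204.74:445 | fonts.googleapis.com | tcp |",
    "| N/A | 224.0.0.251:5353 | udp | |",   # shifted row as it appears in the report
    "| NL | 23.62.61.155:443 | www.bing.com | tcp |",
    "| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |",
]
# Row constructed from the report's WriteProcessMemory table and the tab's command line.
WPM_ROWS = [
    r"| PID 2460 wrote to memory of 2488 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |",
]
TAB_CMDLINE = r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2'


@dataclass(frozen=True)
class Flow:
    country: str
    dest: str
    domain: str
    proto: str


def split_cells(line: str) -> List[str]:
    return [c.strip() for c in line.strip().strip("|").split("|")]


def parse_network_row(line: str) -> Optional[Flow]:
    """Parse one '| Country | Destination | Domain | Proto |' row.

    Tolerates the shifted row in the report where the proto landed in the
    Domain column and the Proto cell is empty.
    """
    cells = split_cells(line)
    if len(cells) != 4 or cells[0] == "Country":
        return None
    country, dest, domain, proto = cells
    if proto == "" and domain in ("tcp", "udp"):
        domain, proto = "N/A", domain
    return Flow(country, dest, domain, proto)


def is_noise(flow: Flow) -> bool:
    d = flow.domain.lower()
    return d == "n/a" or d.endswith(NOISE_SUFFIXES) or flow.dest == MDNS_DEST


def attributable_hosts(rows: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return sorted (domain, destination, proto) triples not explained by sandbox noise."""
    out = set()
    for line in rows:
        f = parse_network_row(line)
        if f is not None and not is_noise(f):
            out.add((f.domain, f.dest, f.proto))
    return sorted(out)


def ie_frame_to_tab_only(wpm_rows: Iterable[str], tab_cmdline: str) -> bool:
    """True when every WriteProcessMemory row is the IE frame process (the
    SCODEF parent named on the tab's command line) writing into an IE tab
    binary. That is the expected protected-mode broker/tab pattern; any other
    writer or target would warrant a closer look."""
    m = SCODEF_RE.search(tab_cmdline)
    if not m:
        return False
    frame_pid = m.group(1)
    seen = False
    for row in wpm_rows:
        cells = split_cells(row)
        if len(cells) != 4:
            continue
        w = WPM_RE.search(cells[0])
        if not w:
            continue
        seen = True
        writer_ok = w.group(1) == frame_pid
        target_ok = cells[3].lower().endswith("\\internet explorer\\iexplore.exe")
        if not (writer_ok and target_ok):
            return False
    return seen


if __name__ == "__main__":
    for host in attributable_hosts(NETWORK_ROWS):
        print("sample-attributable:", host)
    print("IE frame->tab writes only:", ie_frame_to_tab_only(WPM_ROWS, TAB_CMDLINE))
```

On this report the filter leaves only locabilisim.com (DNS plus the TCP/80 connection to 213.238.180.215) and the DNS query for 1960smovies.com, which is what a reviewer would carry forward as the page's own indicators; everything else is browser background traffic. The WriteProcessMemory check passes because the writer PID matches the SCODEF parent and the target is the IE tab binary.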
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
\??\pipe\LOCAL\crashpad_3512_NKNLKGTLCRXFRTEU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f6e220e2b351b2411a0da3e004489447 |
| SHA1 | 54db4a3e6f33ac6462f61d057bd5840dd6e4c40e |
| SHA256 | b55eacafe542f3eba61d4386cb7dcb7e53019d836555fef302f9371f37beaf44 |
| SHA512 | b9db3b9fef71878cb971488493ab0f90b0d5cd50b2a72a76f9712066463d874e983312071095b1527fa0e01b270e89a9ef4586b52561a819b609b18e0df06cbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ddf1c94811ab254a25199c825de01477 |
| SHA1 | c6753c3cd2cc85db8ab3aa99bfd483f6a56e2ea2 |
| SHA256 | 4a2d35b16f6bb551edeb11149c2392517ebe80a63df9b856e0eb8fa88db7ae24 |
| SHA512 | 2d39802bedadeaa22a6b9fcfee0c49c968a88c1cc4f4e815ba09df0a4de373c415504a997aafc1ea68cfc4323c0d49ae1f3bf55b24df27512b417088508843cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d747c33b8b6e4a27b0b290ac756b5211 |
| SHA1 | 88c5b7b269fabf58770e70d86c5e1042559ecd36 |
| SHA256 | c53cb8f42ca1c9878d676aa16d6fd88519637dc985898c57c419efe8cfe9d926 |
| SHA512 | 6eec673d828770e622b00b4607b7555953bf06df995a7fde61770a1ba8225e2d3efee6f0702dca9a9dd96b021a556578d1a2739345f9094c22640f58064a6e53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0177a886ddd2463f676453abffa6a5e5 |
| SHA1 | a58f147765eef9be30e84668e7435fdb1c3f901d |
| SHA256 | 85021bf99c92b74e30ea3fa51683648f1692cd52b8026633134dee7776bd0d33 |
| SHA512 | 074e8e6d7f9592c47107973304b5a2f8e0191a9afc4239b18a0c8a1c0127f6150060602be4d8a7299663738c29a6e9ae6c44b1a5c5b573478df5706727d5d185 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |