Analysis Overview
SHA256
7abbc2da02ec7be90d271299acd18ad29bf1e3e87fce62b675e950ca2aa87a1e
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a29efb0979e124e332978bc5574514cd_JaffaCakes118.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 22:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 22:07
Reported
2024-06-12 22:10
Platform
win7-20240611-en
Max time kernel
122s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{305CAD81-2908-11EF-8B35-D2952450F783} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000045f680b01dd8c45b4d001355278084050619c1fdae3fa454c71765d900a07e40000000000e800000000200002000000022f7397107e22b9e7d7e3ea4617d9369980942053ed343e6735c7d552df2b3c0200000000e02d93562b710e20ecb6e92a02a513ee3ac82d2fcad9155548e78b985f10d92400000009d80079e128b16cbc8062451b71a4a0403bf874f7bffde06e0a5dc26da3542f4ab93505be2b95ac37aefd315559722df320d6bf93ccbddab7af00e44258aa6a8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00c54a0515bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424391930" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2208 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a29efb0979e124e332978bc5574514cd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab8FB5.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar9257.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 22:07
Reported
2024-06-12 22:10
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a29efb0979e124e332978bc5574514cd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9593046f8,0x7ff959304708,0x7ff959304718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10711260834280418759,3415770529415975772,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,10711260834280418759,3415770529415975772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,10711260834280418759,3415770529415975772,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10711260834280418759,3415770529415975772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10711260834280418759,3415770529415975772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10711260834280418759,3415770529415975772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10711260834280418759,3415770529415975772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10711260834280418759,3415770529415975772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10711260834280418759,3415770529415975772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10711260834280418759,3415770529415975772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10711260834280418759,3415770529415975772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10711260834280418759,3415770529415975772,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1364 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.58.20.217.in-addr.arpa | udp |
| US | 52.111.227.13:443 | N/A | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56067634f68231081c4bd5bdbfcc202f |
| SHA1 | 5582776da6ffc75bb0973840fc3d15598bc09eb1 |
| SHA256 | 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4 |
| SHA512 | c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784 |
\??\pipe\LOCAL\crashpad_2964_NZGUKTGSXAYTITQZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 81e892ca5c5683efdf9135fe0f2adb15 |
| SHA1 | 39159b30226d98a465ece1da28dc87088b20ecad |
| SHA256 | 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17 |
| SHA512 | c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6c1b7b8d-7535-4864-a16f-2c2a9c5c3b2a.tmp
| MD5 | 1972cad4d90490d33f77243b71f0fbc3 |
| SHA1 | e8a12f1ed8822bae793724014d24059b9b12cabd |
| SHA256 | 9937f5f0187d76ff1ecec6895272474b399eed1a10a05bb9ba597fcf66f34d51 |
| SHA512 | 153fc664fe13f388d805632c49627a0669566d3318c6d50681a8ac2f6396ff0caad4c76538c522a34df591bfbfa78311613bebec3e76d20efb15d5171863f4c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0706ce9bba9c8b7634dcd1402b022653 |
| SHA1 | 32e1bcf8abe0d295631dc69aebc07e828460cab3 |
| SHA256 | b0879a267662fd953f6645a8c42524413126f46f974981d8d14b8d6c0b637ebe |
| SHA512 | b4480c8b04c17d04ec40bbad2d154a04c50c55f02b2b5b7056a41b08cd83177227fed6d0eaf07484cd7307f583e49901a158906705dcacc3e4aac809a523ee4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 42d6e48d87d02cd66c4088613f929fc1 |
| SHA1 | aac2d3cf3e07d9b4874f95dde4ed5cbe72cfd285 |
| SHA256 | a08ff0bd59b6055a74e02b3d174ee873088626779038fc9b5093a8da38b300b9 |
| SHA512 | d8140693949af58dddce76c4d3ae5ee9e64f8bd4518dfac1b92faeb6abd277693cb4c188d38cc5b5fc49926a8ad2432d7387f2a10e1c61745ee693276ac77ead |