Analysis Overview
SHA256
0bc55cad164426227dab3045049ddf91467d65c4a0bda79f1467e779e0217854
Threat Level: No (potentially) malicious behavior was detected
The file a2d5eaeb16adbd2835b7d6f46dbbf652_JaffaCakes118 was found to exhibit no (potentially) malicious behavior.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 23:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 23:03
Reported
2024-06-12 23:05
Platform
win7-20240611-en
Max time kernel
142s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000002e4c5d796f09d84c47ee14cfd9cd38d404856c1ac21e48125d5333592c8a8a98000000000e800000000200002000000078342a10c185113cb9fdd7b7c232cf55fae2785bde9f7128f5b9693e5293dfd420000000b676d08600f0fb2b196b1cfd50f499252bb467b137908d0b0eb1843dac81991f40000000973d9de7513b28c608b1fe58615e6e10f76738c5bf388b6dd42932fb7ffd4f78d4b0ae421343ecbb88bc5ed64604378d8899dd678ccdb395d05c63a4ec8b4b6f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70fea4cc1cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395264" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F3DB52A1-290F-11EF-9586-DE271FC37611} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2948 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2948 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2948 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2948 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d5eaeb16adbd2835b7d6f46dbbf652_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 23:03
Reported
2024-06-12 23:05
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
130s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d5eaeb16adbd2835b7d6f46dbbf652_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa047246f8,0x7ffa04724708,0x7ffa04724718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14408578880865545936,16683204462332632228,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,14408578880865545936,16683204462332632228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,14408578880865545936,16683204462332632228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14408578880865545936,16683204462332632228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14408578880865545936,16683204462332632228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14408578880865545936,16683204462332632228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14408578880865545936,16683204462332632228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14408578880865545936,16683204462332632228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14408578880865545936,16683204462332632228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14408578880865545936,16683204462332632228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14408578880865545936,16683204462332632228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14408578880865545936,16683204462332632228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14408578880865545936,16683204462332632228,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2964 /prefetch:2
Network
Files