Analysis Overview
SHA256
9526f6c132297cb983ea2d201d6df008b95fd8381553695e2916b55ddbde3453
Threat Level: No (potentially) malicious behavior was detected
The file a2cece7715174097d941ea8009ad0cf3_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 22:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 22:56
Reported
2024-06-12 22:58
Platform
win7-20240611-en
Max time kernel
136s
Max time network
119s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000000800a53568096436cd5106bb9bd71c410714a01113472152ab7a46ca020e7d27000000000e80000000020000200000007d2269eda7f082664c633b220a2a7294662dcf29cf2776f05b7177022e4e57cf200000002202c0b3b4ebba26b0ce3c8735afc93b4e257ed90246f8983c5dc509009d143740000000ace4d733206b253e8a9db938a35f139bc63c963a956dbaca89d96b7c19fa9ca8c66cac042ee3c29d269e24af9b28acc825b3dee4f982c0bab8a44e9171879fd2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0a126061cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424394832" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F25720E1-290E-11EF-AFF9-DA79F2D4D836} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000f5497d6592bce3a0f0c652703d1ff648298fbe26889eff99fe89ceea6892cf5e000000000e8000000002000020000000ba6fe051e8efd788a993f7c32c33862897f88c1fecad448415587cf9596b038c90000000c35fb275fa7b0bece099ab298f410b960e876d6aad842a6188774121372d59ad54fa46a3be9f50d18bae906feaac04e8f35cc70d664db1869c6b8464bbfe23088be6028492c391a088cb35d78541cf69c82da771b99448c117d214654fde03f4d81a550218b139afe8ab01fa7093b45da2828da2b69bba3a222fe22927522f848985cf2744f7dd68fec851f9551c183940000000a325fa379edd29f501a36e9b74d1f2a42b7fee5eecb2a93ce0015d0f2e4c81329cb40ee78da9a5944b27aa02b446779be35629352a5fc0ab56f21507ef9b29a2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2300 wrote to memory of 2448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2300 wrote to memory of 2448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2300 wrote to memory of 2448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2300 wrote to memory of 2448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2cece7715174097d941ea8009ad0cf3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab141F.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar14AE.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23db55eeab16425ec62e0d6ea2ed55a6 |
| SHA1 | d222b3d0d77e3853babf3fb22adc6909b42b2e4d |
| SHA256 | c2be8a567ff4570b75e417a04636200c8c63916a0cdadebf61ea3d83bb91a152 |
| SHA512 | 6f09f0be2e494c439c2320e082230c7fb01b60127ed0bddb0a9adce2365b5370f282eb5bd2d93c5982032c5e54314738a3ef25f331cf534fa56cab1869aa9ea0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c08ff52a0b530843f14a208d6c2488e |
| SHA1 | e0978f2ff98a87c1a8686f23ced2eee6ef5f7295 |
| SHA256 | 9ddaa2851c8af613bb719d4a4056eecef4faf25bd51e0c83b97ff62e7af835be |
| SHA512 | b5697562cc2711f8cf814b422ce0b2608be565d20da3e80b0801566ce6db8c56c97e72455b1b7b154dcde6cf50a17ac9752041ec4a2c4325461f80754bb929be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc5aa2c98e2cb80eecbfb337747bfb52 |
| SHA1 | 65082b8c46bd6b17b65e05e05e3073fbf2846318 |
| SHA256 | 62074f57843eeede260163b6a20449eb1c0d7f80a46b57be05d66994ecf3a41c |
| SHA512 | 23e6f0d8b0310803cb821d2aa1444d5762d59cdd70d45a929bec360f1da3ca932090975c6db28ee0a9eee832b28ffb48073e09ca2d38f3ed5bfdd134334e67c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf20bddfd5a5e863073c2c82fa3f73f7 |
| SHA1 | c452dea7d4b0ce0dd344ff5b5b1bc5912ae7b4c3 |
| SHA256 | 41b971d56ae5202e4198fd178e8eecb6e514ad1f9817aff998bbf243ff94b8cc |
| SHA512 | e7a4c25bc9b3432da5f60efc5dc3af4da8d5bb83c0e1ee72101803db7217f329e3223cf8954f61f527d6e1ef7b82188aeb7a94c486ab447488541aae26be95db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de5ad55fd19d0090a50de8588e16bc34 |
| SHA1 | 3c76917fba65e518b2e1a352b9d57117afe5872d |
| SHA256 | 285b5d6a86ecf6fabe3260c81446cc4ef4bbe874673b5d685b838f26855ce86f |
| SHA512 | 9a9ca5f969c98ea1060e780fc0cff089b822eb1fb4679709da1dea007d5ce5243ea1b420f3374612fe18a5150b0e45eb90ec3a7b38c16e8cb41ed96faa091d2c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f665da2fd8aca10545247723c4a6784 |
| SHA1 | da984cf3e13e0c3b2732defb73703d61e5788412 |
| SHA256 | 2ae02ae97587b9b489c37a8387af7d78614aedc63bbc04507b7b814569180536 |
| SHA512 | d5dd8f5c6bd48f1388fef59781e1081b3007052de334a45fab85092de283c75d0084671657f299ff277fd0ad918e3762811136b67757f37813ad6ca0891b709a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e63a1fdd6a42eabfe7c12961e8f8bc2 |
| SHA1 | d4aa443ef840b4f8ccad6c8c574f78a66e2645b5 |
| SHA256 | 66783ff091c307263c4753ed8d054c0ec98c7228e33e6f07044d51e3503ef9d2 |
| SHA512 | db05b4b306312e127453f4d10c3dee443f1c4abb7ed0ae38ff07ccdb644465c733c9a951b144397552108a8f45866cde68cced13530435275278953a753d6645 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 893cf5d43ceeaadb7b8388a2ee7a2c15 |
| SHA1 | 2c82bf418e53973e88918ca0a6cf32af443dc122 |
| SHA256 | 6c4e14847a5f7a505f0eb2ffb29b584d04e54fb526218bf7f44ae6a2815b7359 |
| SHA512 | 3c8e6f1d3e129cbd6737ca98d500758986f9111d977eb9af4125753ebe937117eeac239a14c9cd489cab3f9c117070522d31eafee055d8400b81c7bd1dd668e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1dd4271c1205bb9109c28640971a0b6 |
| SHA1 | 115dd661a7069cc45ef10caabc8eac72465d9232 |
| SHA256 | d884dbe902b537f3e5135c859a8111df554885d6a8fe47b2a9dde532e50c2181 |
| SHA512 | fd49855ec17e0c9f3d6a9c44f2e43f9bb1aa22050fd6a79371374ebc533579784dc2947201ee972ffacb015c6fd038defd26f5fac63717fdb46245b00fca4007 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 516d605e6b2f98b1b95859112ddad04b |
| SHA1 | 1e6b7cf3de0fcdd264b365087d9d040cde47dca6 |
| SHA256 | 1e070b249ddccebb1739d632282596fdbb220300b0e8fc81bb7416fad6958d6c |
| SHA512 | 437fcb91873de34d2f1c5a47cc3d32a2ab2e32ba45c153f5fb71daf2fbf370bf2f96a83fa67da1981b51d5f52af0d9fe3a581a450146bb16bfc5aac85acfba5a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f711716b362a194e0e1dc1766b748cd |
| SHA1 | e9baa925016199d0c2798bd56cb82f77ee03f5e7 |
| SHA256 | 1e51b425acf95304c11f84f4ae0213dd16bc8bf87836008f9349821dfeb70782 |
| SHA512 | ffdf6da2878f91b57b733ab5dd0375704bbf81f9b05e4adedeb90e5a87873054e6648868b816c23a9d80bb321650485e2982ae51d1fe0d37035125a57ef73440 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac2561a8f1f727440fb252c3a6d9cfbd |
| SHA1 | 19bd6de5e3cd26e18fb1880adaabec69976b68c6 |
| SHA256 | 68c559c76cd0802312d04b532337c4839509e5fda4ef8748d234cf9852255ec3 |
| SHA512 | b8242597bf7ea65e9f4012a2ac0f5f81d0b26447855ce84068579054201a92ead3019d6ef56ccaf673aa639bcb491b9623f7f5d0737363a192c0981f5a67408f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6640c996320f53282dd97ce8e1b8aecc |
| SHA1 | 9597310078b0662224fab8a33868a916b740249b |
| SHA256 | 4febdaa5fdcd39864241b57b06e15bf469bf4014f0043d0ab17ea5c9c17e6996 |
| SHA512 | a9e064d37ddf8392c8d98ba33b94f3bde1f26210488782da394f72af39c670f9d326f251d0320984daffda40e1ab55e717e3d33ef45a9657fef9f1f2aa2c3b85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c7bf057764176f2afd844fc1c2f31d5 |
| SHA1 | 3073fc872dc7f972fe487c0e8b42f80dc8bc2fa8 |
| SHA256 | 9812d887ef7b30630ba72bfbcf08fa0ea29d22911fe35369c911e468c96bbd5b |
| SHA512 | 0cae0a708569f9f9f2d5a873cb8885f8b16ada06daf9a399f846ac91e0681c94c3ea1344b729f4ee2ef163dd5a8ea2d81d82f139334f0671ae30245236dfd3b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07fdd69b90c2745c00d31255212fad57 |
| SHA1 | 0d382c38ba619b800fd76d39dc44b0fc9260ff12 |
| SHA256 | ead8632ac6fd4cf2f1aa7de06b47c62f455d1cc87916c1cd797fe1252e068006 |
| SHA512 | 9a66b54130b394eed0505525431c56f12e459f46b862f4b277443d84a2f0d4802470e36b3448557eb7ba46a0f723f33bc71d22f35eaaaad74169e24e007a4e56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee75995fabf81b8ff1fb3cb66ab24b86 |
| SHA1 | 9422b7aa1e11d055e0880d74ccaf4f2b296f4bc5 |
| SHA256 | 681427d62244ac592247b634b5760ed8387248e3c08ada087efc2aed02046fc6 |
| SHA512 | 7c4bbcfd498c2b2a8853819180ea0b99ac7dec990e47e3f36706573a9b7aaeea0665f6fd7372556e2c5ab20f378832668dea590fa4f8f1780c75f67ac811dd56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a266c6d4d3da6ab41023b6c74b972b13 |
| SHA1 | 23b7350412a8741292848bf8376399345b70c2bb |
| SHA256 | 11994f94c68e26fccc4e93de1c5b1936182042fe7d9fbfdfed3133de93e0ef04 |
| SHA512 | e92984f3f6e34d98888bf7b022d8358d1a755c15187b67299ac2416247e0fca2cef29ca957f46c1fd89007d1347a41fe4a7f54ab2e47a85f8b7f730690943bfc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c864d6ce2a27cbb525697d1c5ccc0543 |
| SHA1 | d497bc50fa0e32382e4dc309b335452a292c976a |
| SHA256 | fe2bc6c296d2dee44b1482c8050b444223535a384bdbfce17b6f3757ab7031fd |
| SHA512 | 42f981a77cbab67567a07324c217e1a583dabd3996636c5d259d7be614df7c5e63f8e2866e3a1cf6dd75d26447fc939a80675c861bc45bb3c023bc4c7fa56c4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1a5f448d67b5b81dd5a9e31bff18c6f |
| SHA1 | bf23a356d10d5f9995329c8ab6f87bac4b68d61f |
| SHA256 | e8f850e0ca394612b80beff4b7c60bf5064bb5ea20aabb89c3b79ef1e779fc51 |
| SHA512 | 3780c0bf08477e0880e0c8b2a87b2ac9a0ee8f8a3258d9f867df6c6eafc05e17b6993b43542d90e1f34b8229014c2cf4a4704befbb42533b1df73474ea215909 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 22:56
Reported
2024-06-12 22:58
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2cece7715174097d941ea8009ad0cf3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccea246f8,0x7ffccea24708,0x7ffccea24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| BE | 88.221.83.201:443 | www.bing.com | tcp |
| BE | 88.221.83.201:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 201.83.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b4a74bc775caf3de7fc9cde3c30ce482 |
| SHA1 | c6ed3161390e5493f71182a6cb98d51c9063775d |
| SHA256 | dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280 |
| SHA512 | 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f |
\??\pipe\LOCAL\crashpad_2716_HYIYNCDUKMIHXFDY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c5abc082d9d9307e797b7e89a2f755f4 |
| SHA1 | 54c442690a8727f1d3453b6452198d3ec4ec13df |
| SHA256 | a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716 |
| SHA512 | ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 659ccdc4928d4f330f617fb04d950baf |
| SHA1 | b79b3ed0bb9f3a40a089fda5bf054eb02cdb70af |
| SHA256 | 56d10163bd55a62659e9704ab2adb08be4ccd8a781033e6d4d44bf99d77ece09 |
| SHA512 | 7f3d6fd393295afa4ca194eb5295e3d520f3ad83d3e79353a46622da5905f1486645c5832f42299cc07e07b11dc9fffc5a1ebf33869154c6a9ddedf7d19c42d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fce188247a0812460cfb380dc523ee3e |
| SHA1 | a438776632b8a285972d46a6c2ba4c91dbdfd13e |
| SHA256 | dc901b4a6df4e1e07fc7fb10f0c7dac95fd666a242f99fb29a9a96a730199416 |
| SHA512 | 1b5b29c619f38b01413658d1a1c63f47074710cd2df160cd9257c4246fd0a4e1040ca9d66c595f9734c957c8c1d217fbc1cf18767ffda4f4cdc94fac5a96d5e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 53ee825b5a9627f5b7d5667341983d52 |
| SHA1 | f0e2e1b248791db71ca3343c50424177fc20bfc1 |
| SHA256 | ce007ea2d0f458022d76ad51dc7304fa5356c499e30120d8675ed1218ff81e12 |
| SHA512 | ebca4ac7f37abcfc5ab386da93b24367603b747a457350db4ce3a6859a5ae066ac304d838f8f27d6f23b2fd0eb0aca0351397471ad3f6f467360095b41d5666f |