Analysis Overview
SHA256
49ccaa9d4e11a929571dc1bda48ed05e3a8cfd021b6ccf5b7b2bca696119e6da
Threat Level: No (potentially) malicious behavior was detected
The file a2cf494be654633ae2da432f79b2ae82_JaffaCakes118 (an .html document, opened in Internet Explorer on Windows 7 and in Microsoft Edge on Windows 10) was classified as clean: no (potentially) malicious behavior was detected in either detonation.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 22:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 22:56
Reported
2024-06-12 22:59
Platform
win7-20240221-en
Max time kernel
119s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bdd3d10f6ecb594391953982abb4a61c00000000020000000000106600000001000020000000cb763e154d9eff8f66a0fc2511253519038ef82514cab6b1c9cc7f9864f5ca06000000000e8000000002000020000000cdee1fdbd23dc70db137715d2bfeb13ff27398d76793fc150a12f74f3ba4bf0620000000e80a4f21ba67b3fd6bb441c69ac4bc2b49011b1fb498f494ef61e070484d838f400000002f632101efd4bbf0cc2e2654c8bea5a1deacd0463c5eed9124c0e8886c7e4b353afa8f309468090ef0d1dcc5152be85adeec7321d55cf50d5b290ab318c37706 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e09706db1bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424394859" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{026841D1-290F-11EF-BECC-D2EFD46A7D0E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
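Every row in the table above is written by iexplore.exe itself under the sandbox user's HKCU hive (SID ending in -1000): first-run tab, recovery, search-scope and window-state housekeeping, not changes made by the HTML file. The "Modifies Internet Explorer settings" signature fires on these keys generically. Three of the values are opaque binary, and decoding them is a cheap sanity check on the run: LastProcessed is a FILETIME that should land inside the detonation window, Window_Placement is a WINDOWPLACEMENT struct, and DecayDateQueue starts with the DPAPI provider GUID, so it is a CryptProtectData blob whose plaintext cannot be recovered outside the sandbox user's profile. The script below is an added example, not part of the sandbox report; the hex strings are copied from the table, and the struct layouts (FILETIME, WINDOWPLACEMENT, the DPAPI blob header) are documented Windows formats that the report itself does not spell out.

```python
"""Decode the three opaque binary values IE wrote to HKCU during the Win7 run.

Added example, not part of the sandbox report. The hex strings are copied from
the 'Modifies Internet Explorer settings' table; the layouts used to decode
them (FILETIME, WINDOWPLACEMENT, the CryptProtectData/DPAPI blob header) are
documented Windows formats, not something the report states.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# TabbedBrowsing\NewTabPage\LastProcessed
LAST_PROCESSED_HEX = "e09706db1bbdda01"
# Main\Window_Placement
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)
# TabbedBrowsing\NewTabPage\DecayDateQueue (complete value from the table)
DECAY_DATE_QUEUE_HEX = (
    "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000"
    "bdd3d10f6ecb594391953982abb4a61c00000000020000000000"
    "106600000001000020000000"
    "cb763e154d9eff8f66a0fc2511253519038ef82514cab6b1c9cc7f9864f5ca06"
    "000000000e8000000002000020000000"
    "cdee1fdbd23dc70db137715d2bfeb13ff27398d76793fc150a12f74f3ba4bf06"
    "20000000"
    "e80a4f21ba67b3fd6bb441c69ac4bc2b49011b1fb498f494ef61e070484d838f"
    "40000000"
    "2f632101efd4bbf0cc2e2654c8bea5a1deacd0463c5eed9124c0e8886c7e4b35"
    "3afa8f309468090ef0d1dcc5152be85adeec7321d55cf50d5b290ab318c37706"
)

# Provider GUID that opens every DPAPI blob produced by CryptProtectData.
DPAPI_PROVIDER = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
CALG_NAMES = {0x6610: "CALG_AES_256", 0x800E: "CALG_SHA_512"}
SW_NAMES = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}


def filetime_to_utc(hex_value):
    """Little-endian FILETIME (100 ns ticks since 1601-01-01) to an aware UTC datetime."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hex_value))
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_window_placement(hex_value):
    """WINDOWPLACEMENT: length, flags, showCmd, ptMinPosition, ptMaxPosition, rcNormalPosition."""
    fields = struct.unpack("<IIIiiiiiiii", bytes.fromhex(hex_value))
    length, flags, show_cmd = fields[:3]
    if length != 44:
        raise ValueError(f"unexpected WINDOWPLACEMENT length {length}")
    return {
        "flags": flags,                       # 2 == WPF_RESTORETOMAXIMIZED
        "show_cmd": SW_NAMES.get(show_cmd, hex(show_cmd)),
        "min_pos": fields[3:5],
        "max_pos": fields[5:7],
        "normal_rect": fields[7:11],          # left, top, right, bottom
    }


def parse_dpapi_blob(hex_value):
    """Walk the DPAPI blob layout and return its metadata. The plaintext is not
    recoverable here: decryption needs the owning user's master key."""
    raw = bytes.fromhex(hex_value)
    pos = 0

    def u32():
        nonlocal pos
        (v,) = struct.unpack_from("<I", raw, pos)
        pos += 4
        return v

    def take(n):
        nonlocal pos
        chunk = raw[pos:pos + n]
        pos += n
        return chunk

    version = u32()
    provider = uuid.UUID(bytes_le=take(16))
    if version != 1 or provider != DPAPI_PROVIDER:
        raise ValueError("not a DPAPI blob")
    mk_version = u32()
    master_key = uuid.UUID(bytes_le=take(16))
    flags = u32()
    description = take(u32()).decode("utf-16-le").rstrip("\0")
    alg_crypt, alg_crypt_bits = u32(), u32()
    salt = take(u32())
    hmac_key = take(u32())
    alg_hash, alg_hash_bits = u32(), u32()
    hmac2_key = take(u32())
    data = take(u32())
    sign = take(u32())
    if pos != len(raw):
        raise ValueError(f"{len(raw) - pos} trailing bytes after signature")
    return {
        "provider": str(provider), "master_key": str(master_key),
        "mk_version": mk_version, "flags": flags, "description": description,
        "alg_crypt": CALG_NAMES.get(alg_crypt, hex(alg_crypt)), "alg_crypt_bits": alg_crypt_bits,
        "alg_hash": CALG_NAMES.get(alg_hash, hex(alg_hash)), "alg_hash_bits": alg_hash_bits,
        "salt": salt.hex(), "hmac_key_len": len(hmac_key), "hmac2_key_len": len(hmac2_key),
        "ciphertext_len": len(data), "signature_len": len(sign),
    }


if __name__ == "__main__":
    print("LastProcessed   :", filetime_to_utc(LAST_PROCESSED_HEX).isoformat())
    print("Window_Placement:", parse_window_placement(WINDOW_PLACEMENT_HEX))
    print("DecayDateQueue  :", parse_dpapi_blob(DECAY_DATE_QUEUE_HEX))
```

LastProcessed decodes to 2024-06-12 22:57:09 UTC, between the Submitted and Reported timestamps of behavioral1, so the VM clock and the report agree. The DPAPI blob names master key {0fd1d3bd-cb6e-4359-9195-3982abb4a61c} and uses AES-256 with SHA-512 HMAC, which is what a current CryptProtectData call produces; that is ordinary IE state, not sample persistence.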
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2932 wrote to memory of 2640 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2932 wrote to memory of 2640 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2932 wrote to memory of 2640 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2932 wrote to memory of 2640 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2cf494be654633ae2da432f79b2ae82_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
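The three "Suspicious use of ..." signatures in this run are all attributed to the host browser, not to the sample: FindShellTrayWindow and SetWindowsHookEx come from iexplore.exe's own UI code, and the four WriteProcessMemory rows are the IE frame process (PID 2932) writing into the tab process that names it in its command line (SCODEF:2932), which is how IE starts a tab. Once that is set aside, the only non-Microsoft network event is the DNS query for ag8aq.cn; the same lookup appears in the Windows 10 run, and neither run records a connection to the resolved host. The clean verdict therefore covers what IE and Edge did with the page in about two minutes, and that domain is what to check against threat intelligence before accepting it. The triage logic below is an added example, not part of the report or the sandbox's own scoring; the rows are copied from the Processes, WriteProcessMemory and Network sections, and the noise suffix list, the resolver address and the SCODEF rule are this example's assumptions.

```python
"""Triage of the Win7 (behavioral1) run: separate what the host browser does on
its own from the one indicator that belongs to the sample.

Added example, not part of the sandbox report. The rows below are copied from
the report's Processes, WriteProcessMemory and Network sections; the
classification rules (noise suffix list, resolver address, SCODEF check) are
this example's assumptions, not sandbox output.
"""
import re
from ipaddress import ip_address

# Command lines as listed under "Processes".
PROCESSES = [
    '"C:\\Program Files\\Internet Explorer\\iexplore.exe" '
    "C:\\Users\\Admin\\AppData\\Local\\Temp\\a2cf494be654633ae2da432f79b2ae82_JaffaCakes118.html",
    '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2',
]

# (description, writer image, target image) rows, repeated four times in the report.
WRITE_PROCESS_MEMORY = [(
    "PID 2932 wrote to memory of 2640",
    "C:\\Program Files\\Internet Explorer\\iexplore.exe",
    "C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE",
)] * 4

# (country, destination, domain, proto) rows from "Network".
NETWORK = [
    ("US", "8.8.8.8:53", "ag8aq.cn", "udp"),
    ("US", "204.79.197.200:443", "ieonline.microsoft.com", "tcp"),
    ("US", "204.79.197.200:443", "ieonline.microsoft.com", "tcp"),
    ("US", "204.79.197.200:443", "ieonline.microsoft.com", "tcp"),
]

# Assumptions: endpoints IE contacts on its own, and the sandbox's DNS resolver.
BROWSER_NOISE_SUFFIXES = (".microsoft.com", ".msftncsi.com", ".windowsupdate.com")
SANDBOX_RESOLVER = "8.8.8.8"

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def ie_frame_pids(processes):
    """PIDs that IE tab processes name as their frame via SCODEF:<pid>."""
    pids = set()
    for cmd in processes:
        m = SCODEF_RE.search(cmd)
        if m:
            pids.add(int(m.group(1)))
    return pids


def classify_write_process_memory(rows, processes):
    """An IE frame writing into a tab that names it in SCODEF is IE's own
    frame/tab startup; any other writer or target is marked for review."""
    frames = ie_frame_pids(processes)
    verdicts = []
    for desc, writer, target in rows:
        m = WPM_RE.search(desc)
        writer_pid = int(m.group(1)) if m else None
        expected = (
            writer.lower().endswith("\\iexplore.exe")
            and target.lower().endswith("\\iexplore.exe")
            and writer_pid in frames
        )
        verdicts.append((desc, "ie_frame_to_tab" if expected else "review"))
    return verdicts


def classify_network(rows):
    """Split non-noise domains into ones only resolved and ones actually contacted."""
    resolved, contacted = set(), set()
    for _country, dest, domain, _proto in rows:
        host, _, port = dest.rpartition(":")
        if not host:                      # bare address without a port
            host, port = dest, ""
        if ip_address(host).is_multicast or domain.endswith(BROWSER_NOISE_SUFFIXES):
            continue
        if host == SANDBOX_RESOLVER and port == "53":
            resolved.add(domain)          # a DNS query: the resolver is not the contact
        else:
            contacted.add(domain)
    return {"dns_only": sorted(resolved - contacted), "contacted": sorted(contacted)}


def triage(processes=PROCESSES, wpm_rows=WRITE_PROCESS_MEMORY, net_rows=NETWORK):
    """What remains once browser-host behaviour is removed."""
    wpm = classify_write_process_memory(wpm_rows, processes)
    return {
        "wpm_needs_review": [d for d, v in wpm if v == "review"],
        "network": classify_network(net_rows),
    }


if __name__ == "__main__":
    print(triage())
```

For this report the result is an empty review list and a single DNS-only domain, ag8aq.cn. The same rules applied to the Windows 10 run give the same domain: the 224.0.0.251:5353 row there is mDNS multicast and is dropped as noise.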
Files
C:\Users\Admin\AppData\Local\Temp\Cab3FCF.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar40B2.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42484825cf917bff98eccb3dc1fbf001 |
| SHA1 | a4e623cd3325ca394854c9147f8b0194aa51f276 |
| SHA256 | 105e093863af688aa19d7f1b0dc2542d43ac1c356aa1fbed772c6dfb3a38fb7c |
| SHA512 | 491c0903903f0a3258c46a0c48a7a99bb864116cdf6e6239c9e8c785f37d75c4b9aa8198e3b42ba20a1235ebf3a5f4802bbaca12b089343b26f8f6c5ef49191e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c3f8b09cd5c100fd36143c7b19432a0 |
| SHA1 | fdb200c49726fbac3367b0c4b99eeb633b0b0b5e |
| SHA256 | 67d107b620d7ea0489ba480de867f18f8a16ca53767856428e9818acb7255021 |
| SHA512 | cf68e144556e28b5f6bfb6806bdfa1d8a0aa8c25b745e4087d04fa54309a820fcb9927d0fa535efa076de538d5dc6523497c8959fc892843c0fa2a064a36cbac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5cdf95dc7752ad1362df3d26bebd6f7a |
| SHA1 | 4ad3c4ac2198d1fcc6f7a5430e864ede2b3b3c21 |
| SHA256 | bbcbc577d3a958efd8a6eb9eee044cb7ec2da68b209861c046900d6564f58443 |
| SHA512 | 49d3117eeb2c8e884a2ad0e25972e192502ff6839d7f87fa31f891c2665e0361ee01be8b514356e69e7a548a557c62856a70b5107b22bcd1ef154e14d5be6d85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12683918ba31f2ce8629215655ba04fc |
| SHA1 | d93080a3cdc00c1c0b133be15e92c0e6602aaf1a |
| SHA256 | 99e49e3bb1c457a5ce8e03852720dcd310392b8481e751474dace7b817bb5ee4 |
| SHA512 | e061f1c70896178e5236f054eaebe16bf3f5fdc31f1607d2f52b1710c8f63507ca2d181bd1cdcbbdc789695700062d1ece3b22f8da8f551a7f37d03905bd5210 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4abadd7e864d88d77bf35e3acb202c9e |
| SHA1 | fa8c43a2c63f9bb9876791a9fdea8938cd46b667 |
| SHA256 | 092542b498cea116a650c6298be6a3af7b2f6525c72ead5850a5b70d3fdce84d |
| SHA512 | c45e6dd2330457b4b6a86b87bf97f3db0e1e76a533152281c881cae68584e4db2ad67582b9467dc6a798e45f432314fef84d108a46dbb8e5fbf728879b93d9f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 231bbed6f3ae7ddd2b4ab7de935184ce |
| SHA1 | acabf508478784998c67c36f2d7d57a812ac2ccb |
| SHA256 | 07cb8fdfd83cd0111562cca68176cdd217fae85bf3599d1a91798b90f8ab9166 |
| SHA512 | 8208d74458b2e3e446245e0fa3335ecac5eb7ac3f0509309e15ff62598adbae82d07896d6c0685e41ac1f5b1a299c76a34561eced2e628d9b8e4249c2a2b15e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | add13b3baca388d0b967c985c46161a2 |
| SHA1 | f82f1791f725d221d878b412bd7485e2da6d957f |
| SHA256 | d81eba9b658914e9b6c7d0ae78b6dea1bf66ccd94098363254445134b3fbc4dd |
| SHA512 | fafc38e18eaf6084813bbd635c9b48de5fa89d839a41c44846bd5ebae9ebe66a1722db9b549d559fdeb7c9b7ae1cd828a452b59b07c788e5ab39c030757c7eac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0bd4a4d854b45711891389dfee21b001 |
| SHA1 | da641be17440a4c9beb3e2f9e2849aec4677a43b |
| SHA256 | 808fa9218c4085353c18167a0f83d2d8b6f8348220cc071e3ab3f7c0c5642cec |
| SHA512 | fc0c425095ad18430af66986afb284868a766c6aa6f7843db889046a7727b1d3c499d3f39d74057f45f2fd68d7c46c8221d518f04819c472797cc6249587c7b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f66bdab8116efbc948e2a3ef2a14cf3b |
| SHA1 | f1c2fbb046772b9ce3b3a373dfbafa44cf8dac61 |
| SHA256 | fa7a99d9693021660689b41e204c5335dc5334abeef5c37eec8dcacdc9efd5d8 |
| SHA512 | 6dc3c0434d9f819287c1a2867705a1ec39527cd3bc11349b2274811cc0e52dade0d88163b63b2d3079f4adf46a56be547fe112d8cd1faa30230a4f12bcab92c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11f172d5e5eae65f0981acf55d69410d |
| SHA1 | bcff627d51667885bcbd84147d4424f6cf5a6a2a |
| SHA256 | f72e9fef6d76ece305f50229c65ea5160f6ff828a6584cf397e31166f780d97c |
| SHA512 | 3acdb53da7129065cb0a558574e9295b863fabdd5fa629129a16d6ae9d27f4880bfb65a2e3497004e242645b21deb0291b240c29f5a2bc4eecf009b8311b38b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee2e349df51e343dae8bcaf62000874d |
| SHA1 | 15a8ec8452da43c55f6947b1cc3cb019915739c3 |
| SHA256 | 99a23262449395c8e2ae767e1d0c989f423129c80d9255507a01dba26d3935f3 |
| SHA512 | 30a00afa214162ac00ba6ed16c49429fbafb7205d57a64794a5c0c83cd53c0b4aa7c202896b212b5eb519e632858ef60d3a3509358ca67f7e1a028d761d821b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07c12fe25a6955e30d9e4fa0831854f2 |
| SHA1 | b63d632febb28c1144111a77f3e3b9d7f257ed39 |
| SHA256 | 9f7a90180a3e8c5e220ee6025e73ed50edb1c57761b73e1deea7c00e271e0bd8 |
| SHA512 | d6c2875b4ec9b6b7c9894ca212031e10144515667061bfc1c663d065c633823cd750265fddd52e497e0d04a8b00a81d864d5c5173ff5549a5ebdfb6dbe05b702 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea7dcb212429dd338d7e79e797e6ef08 |
| SHA1 | ba726ae77b399d634314091ee63e4e178fd3bcb6 |
| SHA256 | 8de3eb520d0d8faefd1d7f4f518aa3a3353a9643ec63e9f7899701d8857e04c1 |
| SHA512 | aac84a6c8114bdb70753870caa64bc19b7b4a7ae9ff2ee9989722e9575ba440da1177772750458332cdab8fba2469dd00bec69c19b509a562df8cc413ab26adf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8b51359b986dc2f5a0b1cd14b5f7c83 |
| SHA1 | 84404705786ddb5cff98c94cea19c0f6922f2d3c |
| SHA256 | e70ed345a38a6d45201d2ff99e1ff35d5120e0ae071b0809c92f000eec626a27 |
| SHA512 | 7db6bf7dcdc39b938679365fe3504d6bde9e82482cf6b323c768595778afab260a05dd3b09bf8a5e89ee438c9caaabd53b96c5dcd7245f81d3a42edcc1de41f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5a4bb661e0977fe488928f771f897de |
| SHA1 | 5dde7f6bf146684ef732136674ba48def6b9fa58 |
| SHA256 | 6bd40b06adc5a50820d62dfa4c106d516396a301fbf4a2449dab4986c7d2b0bc |
| SHA512 | 1dec42e874fec3539ba6e94ae9cef044a90f2fa9d2d02906c4d7376e54b8997ff7d4c0d893ac8dda8e7c94c9e45b7471d31e3d0fc96b4288bf65108a96fa4f96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3991a4e51409d54ccc7d62ca6d4bc8a2 |
| SHA1 | 560e32913f16338be15f1cb55922b90bff14af50 |
| SHA256 | e4c23fa93d30f2a23a22a32ab4a7ae4fdd5ba048ada0319d69fb663a6ab42b5b |
| SHA512 | 92cf56453b82146485a95cfa6717b42204f8148bf845b4961b22d0a84348235909553e47191dd235e2e62adadc1f4ee10c5a68cb653ace219e0a9e2636ad5022 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e10b0955f5f7042997b3aff9683ec3e |
| SHA1 | 9fcba1ba2971267145edc229424e9d06c1b87bab |
| SHA256 | ee50fcf058cfb2f1d7a2cea64f01cef6a4a7071a2b2561a2dba63cbe57781b35 |
| SHA512 | 6430a2331b47f5add4c3ae3797f49eb2d3b6ec2a16a57084cd4bacba1f502e83ff7c496820ea19cf7aa226280e72f2f03e7755c1aae861caaaa9f04308203d4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5ecfe0663ec9ec6500f1bf7faf97aa6 |
| SHA1 | 21d600382d8e1eeff9fd1e4f9f6e35e76a64e477 |
| SHA256 | c91d0a6a5f6fa0a8b5edc0ea7f27a062d736bdd54a78a845ab4c3fc4a621529f |
| SHA512 | dff2d48fb92933a684a5109f2a54a6bdffb008df9f9d1cc3c3740aae8ce339abd3dbf85bb199dda7f79603135175107fce909772fae4d093a646c1b4098e69a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05b2ac9255eca0301b9ce9b9069fbba7 |
| SHA1 | a1b9d89d15fd20cc6ecb32fcceb760aacd9c7a8d |
| SHA256 | 1577bc3ed909c362a3895cba59552342339be685efb8e95a89f30170cd45ab24 |
| SHA512 | 7328b194b3a9c0745cd3c63bd53a7d667dd31991af8903e7f564ec2eff7e256e1af99f14adad4613ec24eb67fb602dfc2e3fede895d675ceacae1b016a5396b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63e0007858711f2fb362d43385dafdcd |
| SHA1 | 163b4b37e3d7f9d892377e7371f44a70ae323a5b |
| SHA256 | 084d15314714a1c541ccb92aecfc28305d0263f703f3730f48241c7a005637a8 |
| SHA512 | a0d5a9618237a80f11d9b92addd5936af9b294b17a76d5cd74dcc29f7c0f7dc0692dcd0872b2841e975b3c30f235f935b856078fb3b86ad839bdb699307af556 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 22:56
Reported
2024-06-12 22:59
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2cf494be654633ae2da432f79b2ae82_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa127d46f8,0x7ffa127d4708,0x7ffa127d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,10493241858930681184,18404830723962630206,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,10493241858930681184,18404830723962630206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,10493241858930681184,18404830723962630206,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10493241858930681184,18404830723962630206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10493241858930681184,18404830723962630206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,10493241858930681184,18404830723962630206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,10493241858930681184,18404830723962630206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10493241858930681184,18404830723962630206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10493241858930681184,18404830723962630206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10493241858930681184,18404830723962630206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10493241858930681184,18404830723962630206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,10493241858930681184,18404830723962630206,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_3152_EIYYSYXKROLVQDRR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 243f3bfc99f356b9055db02ca9895455 |
| SHA1 | 1bacc458da73676a29b6b20353a8538cbfc72272 |
| SHA256 | 0fbb0443bbd0f88f9600717f9b9f5abbed95876ff1102ab34d0637ac9a6bdc02 |
| SHA512 | 150f5b5c2432c6c74fe1d97b8c2e36608655f68baf314702c1ec273fabe0ea9e1b1d6495808fa8169b7e2544743d718fe4a7b23d38151655463c17949cdfb71e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 401420c1a1aefccd65433d565896a94d |
| SHA1 | cea8fb76632fb28162d9535b593482c9aa1d9300 |
| SHA256 | a3c63be8c8767d2b7ec1621a974e10bf84009d36620457ea839e96e80b35babd |
| SHA512 | a2180e1c72143c9249f14f3199f1254c747404e0a6b87ce71e51243523863ea9dcbf8db0e9f5365f40ee7717c73fc7d750d82b9c53937bb3059d1c7c96c285c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 89d80c73d75da33d5295d4e32c79c40e |
| SHA1 | acc8102a14ae75a130cc61054f817ef348f76af8 |
| SHA256 | d99428a8673c1eff8374c3581846b900e4c322209e7459a2364861523f8f3301 |
| SHA512 | 1507e2d57e7194ed20be7ed65b4f9837dbcf946bf9d90416ad6d3c858bf442b04d917e178e229ba4efae283c9f0ee046e59ceef18b93b2ce3f48d0365326b243 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |