Analysis Overview
SHA256
38368093531c559281116a503d9793addf4578875348feb9cae26e7c7c0ff227
Threat Level: No (potentially) malicious behavior was detected
The file a2d2778be998998ed954f3ad8bfb811e_JaffaCakes118 (an .html document, opened with Internet Explorer on the Windows 7 run and with Microsoft Edge on the Windows 10 run below) was found to be: no (potentially) malicious behavior detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 22:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 22:59
Reported
2024-06-12 23:02
Platform
win7-20240221-en
Max time kernel
141s
Max time network
119s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002828dedf51ebba4c8f297cb7b431175400000000020000000000106600000001000020000000f675b9b7a6884306277f71a1aa512a4b02c647fc666ea573bfbe3a5726f1fa6f000000000e80000000020000200000001500089b14f7f743c8ab9928299ad742fcce35359acd8ee7858fb14ef2c44cf120000000f021088cca229c07f0435a7393877bf7e48bb4ff232c5b33f652831549579fda40000000c7ab5a1751ab9678db3d3f8f660c4a03d9240469da55809214c9d36a0810766f754a8393a78e95c6df51e753f5c3f5469ebb181abf231d80a29c436c05e6d360 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395043" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{701DCC41-290F-11EF-87AA-FA8378BF1C4A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002828dedf51ebba4c8f297cb7b431175400000000020000000000106600000001000020000000e8763b810ea8b5fa94098459948559775615b324e64e0e1648cfed573179ce98000000000e8000000002000020000000c8eddc8d216f9bf567ee736a145218ee44bf31804881a5566a3b77aca88c4e9c90000000abaf110a15d7139f2c36bdc539deabc4c3f8e78b1c2d312f23e8d1f847c544f7f0bb3329afa612a7001f195925d7f7f43b86b3ed890264da2cbca2df9d6cd2e310e1cfc1ed0fa20b37d9234a385829110cd916af7844a14fcd1ce61637bc9409b0e06a10455c74906c3ebc5140a79678c710ed1bc8e95b3f9d8e2e44cc851f7043afc60199f6fa14da1f1effc3880e6b400000001e72138233c8e895a75baf5db6d7586437e1c665234faf03165232c3befdc9d904f28e321f66b966bbd709ac3ace042f7a7e42b60c5e4488b3d546a3ac457a7a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c056cf861cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
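Three of the binary values in the table above carry more information than the raw hex shows. `LastProcessed` is a little-endian FILETIME, the `Recovery\AdminActive\{...}` key name is a version-1 (time-based) UUID, and `DecayDateQueue` and `MFV` both begin with `01000000` followed by the DPAPI provider GUID, i.e. they are CryptProtectData blobs bound to this user's master key. The Python below is an added example, not part of the sandbox report: it decodes the two timestamps and checks that they fall inside the behavioral1 Submitted/Reported window (22:59 to 23:02, assumed to be UTC because the report states no timezone), and walks the DPAPI blob layout to recover the master-key GUID and algorithm identifiers, which is what an analyst needs before attempting offline decryption. The hex constants are copied verbatim from the rows above.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Registry values copied verbatim from the behavioral1 table above.
LAST_PROCESSED = "c056cf861cbdda01"                        # TabbedBrowsing\NewTabPage\LastProcessed
RECOVERY_GUID = "{701DCC41-290F-11EF-87AA-FA8378BF1C4A}"   # Recovery\AdminActive\{...}
DECAY_DATE_QUEUE = "01000000d08c9ddf0115d1118c7a00c04fc297eb010000002828dedf51ebba4c8f297cb7b431175400000000020000000000106600000001000020000000f675b9b7a6884306277f71a1aa512a4b02c647fc666ea573bfbe3a5726f1fa6f000000000e80000000020000200000001500089b14f7f743c8ab9928299ad742fcce35359acd8ee7858fb14ef2c44cf120000000f021088cca229c07f0435a7393877bf7e48bb4ff232c5b33f652831549579fda40000000c7ab5a1751ab9678db3d3f8f660c4a03d9240469da55809214c9d36a0810766f754a8393a78e95c6df51e753f5c3f5469ebb181abf231d80a29c436c05e6d360"
MFV = "01000000d08c9ddf0115d1118c7a00c04fc297eb010000002828dedf51ebba4c8f297cb7b431175400000000020000000000106600000001000020000000e8763b810ea8b5fa94098459948559775615b324e64e0e1648cfed573179ce98000000000e8000000002000020000000c8eddc8d216f9bf567ee736a145218ee44bf31804881a5566a3b77aca88c4e9c90000000abaf110a15d7139f2c36bdc539deabc4c3f8e78b1c2d312f23e8d1f847c544f7f0bb3329afa612a7001f195925d7f7f43b86b3ed890264da2cbca2df9d6cd2e310e1cfc1ed0fa20b37d9234a385829110cd916af7844a14fcd1ce61637bc9409b0e06a10455c74906c3ebc5140a79678c710ed1bc8e95b3f9d8e2e44cc851f7043afc60199f6fa14da1f1effc3880e6b400000001e72138233c8e895a75baf5db6d7586437e1c665234faf03165232c3befdc9d904f28e321f66b966bbd709ac3ace042f7a7e42b60c5e4488b3d546a3ac457a7a"

# Detonation window from the behavioral1 overview (Submitted / Reported).
# The report states no timezone; UTC is an assumption made here.
SUBMITTED = datetime(2024, 6, 12, 22, 59, tzinfo=timezone.utc)
REPORTED = datetime(2024, 6, 12, 23, 2, tzinfo=timezone.utc)

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)   # FILETIME: 100 ns ticks since 1601
UUID_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)     # RFC 4122 v1: 100 ns ticks since 1582
DPAPI_PROVIDER = "df9d8cd0-1501-11d1-8c7a-00c04fc297eb"     # GUID CryptProtectData stamps on every blob
ALG_NAMES = {0x6610: "CALG_AES_256", 0x800E: "CALG_SHA_512"}


def filetime_to_datetime(hex_le):
    """Decode a little-endian REG_BINARY FILETIME such as LastProcessed."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hex_le))
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def uuid_v1_to_datetime(text):
    """Timestamp carried by a version-1 (time-based) UUID; None for any other version."""
    u = uuid.UUID(text)
    if u.version != 1:
        return None
    return UUID_EPOCH + timedelta(microseconds=u.time // 10)


def parse_dpapi_blob(hex_blob):
    """Walk the CryptProtectData output layout and return its fields.

    Raises ValueError if the provider GUID is wrong or the embedded lengths do not
    add up to exactly the blob size, so a lookalike cannot pass as a DPAPI blob."""
    data = bytes.fromhex(hex_blob)
    pos = 0

    def u32():
        nonlocal pos
        if pos + 4 > len(data):
            raise ValueError("blob truncated")
        (value,) = struct.unpack_from("<I", data, pos)
        pos += 4
        return value

    def take(length):
        nonlocal pos
        chunk = data[pos:pos + length]
        if len(chunk) != length:
            raise ValueError("blob truncated")
        pos += length
        return chunk

    version = u32()
    provider = str(uuid.UUID(bytes_le=take(16)))
    if version != 1 or provider != DPAPI_PROVIDER:
        raise ValueError("not a DPAPI blob")
    blob = {
        "masterkey_version": u32(),
        "masterkey_guid": str(uuid.UUID(bytes_le=take(16))),  # master key file needed to decrypt
        "flags": u32(),
        "description": take(u32()).decode("utf-16-le").rstrip("\0"),
        "alg_crypt": u32(),
        "alg_crypt_bits": u32(),
        "salt": take(u32()),
        "hmac_key": take(u32()),
        "alg_hash": u32(),
        "alg_hash_bits": u32(),
        "hmac2_key": take(u32()),
        "ciphertext": take(u32()),
        "signature": take(u32()),
    }
    if pos != len(data):
        raise ValueError("trailing bytes after signature")
    return blob


def is_dpapi_blob(hex_blob):
    """True only if the whole value parses as a structurally consistent DPAPI blob."""
    try:
        parse_dpapi_blob(hex_blob)
        return True
    except ValueError:
        return False


def timeline():
    """Decoded timestamps and whether each lies inside the detonation window."""
    events = {
        "Recovery\\AdminActive GUID (v1 UUID)": uuid_v1_to_datetime(RECOVERY_GUID),
        "NewTabPage\\LastProcessed (FILETIME)": filetime_to_datetime(LAST_PROCESSED),
    }
    return {name: (ts, SUBMITTED <= ts <= REPORTED) for name, ts in events.items()}


if __name__ == "__main__":
    for name, (ts, ok) in timeline().items():
        print(f"{name}: {ts:%Y-%m-%d %H:%M:%S} UTC, inside window: {ok}")
    for name, value in (("DecayDateQueue", DECAY_DATE_QUEUE), ("MFV", MFV)):
        b = parse_dpapi_blob(value)
        print(f"{name}: masterkey {b['masterkey_guid']} "
              f"{ALG_NAMES.get(b['alg_crypt'])}/{ALG_NAMES.get(b['alg_hash'])}, "
              f"ciphertext {len(b['ciphertext'])} bytes")
```

Both blobs name the same master-key GUID and use AES-256 with SHA-512, so neither value can be read from a copied hive without that user's master key file and password; they are IE new-tab-page state, not attacker data. The decoded timestamps sit a few seconds after submission and a few seconds before the report, which is the sanity check that the registry artifacts belong to this run rather than to the sandbox image.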
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1984 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1984 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1984 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1984 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d2778be998998ed954f3ad8bfb811e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ztu3m.36106.co | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1D24.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab1DF0.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1E05.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b6f0bd9c698e64934e74cd453bbd83f |
| SHA1 | 7fab94e98ae2d774a5dc0097689156848a8d6ed3 |
| SHA256 | fa58fcc888c07be590aaafff9d20525faef9fd6ecf41bd7b4e6d7034778bcdcf |
| SHA512 | 69e3fed4354555e3e8cf6563e824511e56d1b8e6009254542f014ef6dc6d1680b07859baad23f868db5313996e40a790d915ce50d29bb19050c5dc4023567ed1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a98f1c0f2facad5ce333cf06f783650 |
| SHA1 | fc16aa5424d352c0d6bc860fb100dcbdda352d79 |
| SHA256 | e22626ef52871f7c6ee087b6a09a8b0bdc219685f3e0df6806e0415093dc939d |
| SHA512 | 88dc86846bed1d439c8d0a292915f48093627a3fac2b367ca5afd465bdce29a9950b044da429a92abd9f72da67c04c088a658bd03e6e8d1aa70c58111515b768 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5549594880f75d980798bfda15de8366 |
| SHA1 | 4ab237a6bad9cc47c70a0177ec0f26a90350989b |
| SHA256 | b0bd902a9e036f93135b52f782e90ab7d3a89fe0e2a10ef7d51b8252662b3b5a |
| SHA512 | 3b490ae517f433d05f2f6ce23d7e7ae0c1160dffd2c249e3c0bfb7785c6d949caa83ed605178ab5b196f04a2a73444da10b30dd2f8583cba34d10a0b74a0a238 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cfe8a282d039d3767c5ae8a2cebe5f1 |
| SHA1 | b1e650fee39840e1d95e8653e277a367f261130d |
| SHA256 | 67b48b1503fd24bdea47f0896a7d6d1251ab676fc1d5fb5a42811be912034ed4 |
| SHA512 | b182ed00363a896ce2e62fdd67de44ac4573c777ebf268ef4da648a6bc801248cb4c5956272dcd8ae8919c77c3cc1b478de58a092ab3c881cf79b71372201287 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5003199060b3d4196596dc396b39ebd6 |
| SHA1 | e0083bf71171b9ee70a66292c88023c8982d8d23 |
| SHA256 | bf353a57e865995c4887f46d638db3682a11f8e58d11e82c93ba71c5f9fdecaa |
| SHA512 | 72ff5c1e0877a71fbc81ec0bd1fb01dfd45e18e420f43c9dc62d59225a8a26ea45dc7fa253e7da0ad7cf7e8005de3e565c6e5ab8644643f85e25a66a4d4f27f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e123c575747c1062ddb1bce1bae620c |
| SHA1 | fecad4ae9701dbf7fcedb337e4f819ecea5d37f3 |
| SHA256 | 9367e25ef5b10e2e42752f505ec1380293a46f033cb30d8bc063b49fd695ed61 |
| SHA512 | caa1b93baea2c10ed9009c0e167a58067e1cecf6fa2f926c2c74155d369bb5c46f43226b8e5d17ee4041d96cde9cc1015a723cc6a1e58d61c1680518448063c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 195224052ea2a5de7e7fb5aa696c8ab5 |
| SHA1 | ab0a39d1dad1343eab42a30b2015655b9ce6a77c |
| SHA256 | 5b5420b204f55aae158061575daa3ff07e88998480135a052ddfeae95eaee2d3 |
| SHA512 | 0f6f6a0ecfe401d8cd0a927cef908ec176af2ff29c954d3b1720dbe3b68450cd129118fa0a280bb33beedfd18387dd6f2245f34664590a7b53bd01078ac1bdcb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3577c6362c91ee0dd8ab483614fb0834 |
| SHA1 | 636531790fa607a92645ca5fb4a6374ff6ba8444 |
| SHA256 | 2cdf1993ee03356d79bd747d540d31fac9c9e8725594814019f160d7262b03bd |
| SHA512 | e667b4e94fb17fc6d372f01646d5981f631661b8cf443deed53ac073af36d14a5fc702566ca506b8466e1b511596192f83ed6df15903b3712c50c9d27ae10419 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bfcfaec14b2d717a2efae1dcbe9712a |
| SHA1 | 64719d6335edca0417cb9d3d9104dfa76bc73457 |
| SHA256 | e3d97615180bb1231e65bf05b31621f454e9ed9108074b4776dfc9a7c646307c |
| SHA512 | a30cdc6cad78c6a3b6cc6c467ff0d9ce634f026b34c3605d2026ae9af8568ea871de644446a6d9493a5e95e6b3267d26fe0294cdf332a5a6fd8c5486da62d5cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 843aa7510e080d9bc062709a90263c42 |
| SHA1 | 0f4871b660ae4c07354e16469e83c21669a1a256 |
| SHA256 | c3897eda691c06b50708ecf959d556ba13ccdd8ac0edeb27cb510ebe720a285a |
| SHA512 | d0bf8bbf1a6da6be32e1dc8bd753eb6c9050b865f42a62e9bb61737f393303ef745b7263d2e9e02cc74b17005f6e87739e46d4aa6f3e1bc8ee6609be9f97a66b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e9b26002f85ecd671634c3b286c00ab |
| SHA1 | b4bffd30e9bad904e686ab3a7532126205ed6df9 |
| SHA256 | 8f3ba0da64fdde4882fa9ce6b104b3bd18412340fdeb082107fc0133c5dc1b19 |
| SHA512 | 990fa55a749fe848547dbf255c8e23c52e25576892774edc5d01f04ffe97a18aa70c9b946e96062dd6f8debd5fcaeabbcd9ea50c37af7ae3108ee21c9fb8ac21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb63c1d07ab82c64df861cb8487c00ef |
| SHA1 | 13d1b01af32d4bbafd3ed1958629a343795d59f5 |
| SHA256 | 4c958f5ce1708d138e657f5598db8395234e8c3bf90921215619c06a7bbd7fff |
| SHA512 | bdbe89a1e4e83cae8935e134f8c906993e7ae31c486d1b0c1137f16074ddf36c306e42478bf8acde2d8b36a03975489f5b9f55acac8fc5db31af303b049f5839 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 974188d5837a3d2035638d4df38fd31b |
| SHA1 | 56a1742e89d257e7c0cabf13bb11de5c2f30d4f4 |
| SHA256 | ba3c9bd463cd11fd79dc6fffa4f840f9b7a3a653c4d8550a6df15041f895eb77 |
| SHA512 | a48064e53b50e511b2631ed5fd0355c63d34b899b4cf2eefa6bc2384c6a6742ad7a27aad0b161d64c02a1e7b35e8e4e6b0bdf762d69fd7cd17a80dea37b3e0b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 648b715f0f398ac9787ce8fe9a384db5 |
| SHA1 | 72675b4b1c7e9afee4622347a2e8e0421e6fab0e |
| SHA256 | 1b6d03953a27d3e16d0dea027f9555473e018b6b33a886bf6f9d89ffa3a704a6 |
| SHA512 | 23082118ab1aebae0eaa386455b60e9a74bfda540696538fcb6e3c6bffe804a466e7b207cfe0a8cf9c380ab70c375c4ad5f9da80f8945a9eeb29bae6f67e5eb9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06542e1efe25722a889c2559d10dee17 |
| SHA1 | 1ff5c0598757ed8ec73a19904d26ed59548c211e |
| SHA256 | 3bc64175b73eb32b014317c2735c266b5ac24784df8e991a9b3f36bccee7623e |
| SHA512 | 47d2f5dc89d13d69040b6e3fba211e89df70a5b8bb17591725e01556ffef07359253a8cbfe600e9943687586eb47237b60b17b49389bd0ac9a3391a9ce3621fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00e66afeaf1a3a2ed5adc4195fe1e09a |
| SHA1 | b4059c5d7a2993e2cbe2bd38798101bdf26f971b |
| SHA256 | 3f33f069e984a2b70ab9d062d57a5bcd10e6fb745767344779a40980077075b8 |
| SHA512 | a9dfc8fa57b120453cdf9bcdfdb1e7083353eaf889d3c4cbae97328d36faf707869901c7462c016e159215b7ea43f8d29567a5997fcf0d1a37f4ebb4844c2bb2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73494e276a3a11ee5d80387f2d87573b |
| SHA1 | 9a399e15fe5f77d1a9a8796298d3802bbba933c2 |
| SHA256 | 0a6b56b5831c80a32bae718e4a1b901fad1c012fcaf421ad66a30559f1de3875 |
| SHA512 | 80ca7142ad9d328351b133557d9606f3e1dc4407f8f43c274960031fe226827aaf0b38f2badd38513080ecfa0a4b2d71d220c83855afc3734232f1dad3a5c442 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d659105a4d419e56e683c086f15a6236 |
| SHA1 | 5f95d83bc930e1532419d1a9b1f2ddec320216f1 |
| SHA256 | 3298743f4cf95f5a3b545bb59d72328e5174a42f806b743143766a086e5284b6 |
| SHA512 | 6a2b8b4f98cc62a5d351bb2cc41296e40e910e177393a30826ff9530c7d3106abe8c9a1cc5e6a140b4f79aacbde16a56d183c9dd03f77dd7caeef768d408f00f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62825b9334434a1ae224a83a4cb44750 |
| SHA1 | cf3e6d33bd57bcb2812efb8d667ea046864b39d8 |
| SHA256 | 8b8f73c01c4b882f79de135dc0b2f6de705613150d7c2d8d81d27199fbc9f1a8 |
| SHA512 | 138ee5f2399e390c0c16b007d2eb70d10832fb778bbfc88c518ef9788ec4042ae07e2c2cc4509b945f37c0cb7f54d74e2797ff33d8c88ad8876db9d2fd72cb9f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 22:59
Reported
2024-06-12 23:02
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d2778be998998ed954f3ad8bfb811e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d18a46f8,0x7ff8d18a4708,0x7ff8d18a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,9738411277827157686,16879822218558865416,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,9738411277827157686,16879822218558865416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,9738411277827157686,16879822218558865416,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9738411277827157686,16879822218558865416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9738411277827157686,16879822218558865416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,9738411277827157686,16879822218558865416,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ztu3m.36106.co | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BE | 2.17.196.177:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 177.196.17.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 9.24.18.2.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
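Read together, the two Network tables (behavioral1 and behavioral2) separate into a few buckets: names that were looked up and then connected to over TCP (bdimg.share.baidu.com on port 80, g.bing.com), TCP connections with no matching lookup row (ieonline.microsoft.com, www.bing.com), reverse in-addr.arpa lookups, the mDNS multicast row, and one name, ztu3m.36106.co, that is queried at 8.8.8.8 in both runs but never appears as a TCP destination. That last bucket is the one an analyst follows up, since the report does not show whether the name resolved. The Python below is an added triage helper, not part of the sandbox report; it parses rows in the table format used on this page and is run here over a representative subset of the rows above (the mDNS row written with its empty Domain cell as N/A), so it works offline.

```python
from collections import defaultdict

# Representative rows copied from the two Network tables above.
NETWORK_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ztu3m.36106.co | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 2.17.196.177:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
"""


def parse_network_rows(text):
    """Parse '| Country | Destination | Domain | Proto |' rows; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, destination, domain, proto = cells
        host, _, port = destination.rpartition(":")
        rows.append({
            "country": country,
            "host": host,
            "port": int(port),
            "domain": None if domain == "N/A" else domain,
            "proto": proto,
        })
    return rows


def triage(rows):
    """Bucket the rows so that lookups with no follow-up connection stand out."""
    dns_queried, reverse_lookups, other = set(), set(), set()
    tcp_by_domain = defaultdict(set)
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53 and r["domain"]:
            bucket = reverse_lookups if r["domain"].endswith(".in-addr.arpa") else dns_queried
            bucket.add(r["domain"])
        elif r["proto"] == "tcp" and r["domain"]:
            tcp_by_domain[r["domain"]].add(f'{r["host"]}:{r["port"]}')
        else:
            other.add(f'{r["host"]}:{r["port"]}/{r["proto"]}')
    connected = set(tcp_by_domain)
    return {
        "resolved_only": sorted(dns_queried - connected),      # queried, never connected to
        "tcp_without_dns": sorted(connected - dns_queried),    # connected, no lookup row shown
        "tcp_by_domain": {d: sorted(v) for d, v in sorted(tcp_by_domain.items())},
        "reverse_lookups": sorted(reverse_lookups),
        "other": sorted(other),
    }


if __name__ == "__main__":
    for bucket, items in triage(parse_network_rows(NETWORK_ROWS)).items():
        print(f"{bucket}: {items}")
```

Running it over the full tables gives the same picture: ztu3m.36106.co is the only resolved-only name, and every port-80 connection goes to a bdimg.share.baidu.com address. Pasting the behavioral1 and behavioral2 tables into NETWORK_ROWS one after the other is enough, because the parser ignores the repeated header row.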
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_3488_RKPOQCJWQLXLICKF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | be9829f1ba9a96502a3872d1ea965a07 |
| SHA1 | 5329cc2d5d44c7aacc10c6ddda32bbfd5f93b135 |
| SHA256 | 966229d14ac53dd0a994a603235fdb4bd24694ee6b2716de792d2788b7d5bb59 |
| SHA512 | 98168e76081e0a456b9c905c1849bc18ff4d3e1fdd0886a0a2a55a716e38836029c8fa2672efe40911c335cf0b312815be6569d84ac874f02a684ee8427742b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4df44503-e002-42b0-ac31-caa26e1354f4.tmp
| MD5 | 4ad2d96b7bc1393a67a9922ecbe7d404 |
| SHA1 | 473ca1d099203bbe0d8e0f410aee21a82e8a0e03 |
| SHA256 | a20ed79935f9719ec30589bb1279f124f15d3a8f79f3e72d33805c1b866e2f41 |
| SHA512 | 16751a7e7cf22f3d4219357e2943a52d4494aad0b7c0fcf0c911f136078f0ee3b0b5b0868b46885456de387ea39fa6cc7f05646d26586c42feefe0d09a8fb55a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 527c64c6bf5d67f19aa551ac95a4b515 |
| SHA1 | a8b5dd9be82d9ec77df211cd4f64600255b0a619 |
| SHA256 | e0f4af5c2560f52a4683cbcaaa44e4d870a447cf402174695dbf4a18847f4122 |
| SHA512 | eef32d4a3cdecb539f4d92fcac0ae74a9fd0e95ca065a30b62674f67f2a93119a490da7562a928ea44886dd34c529f5e166ab23e854ece48a48336ba29263f86 |