Analysis Overview
SHA256
f55ecbf2ad4660558c979a93d00453c2c159530b5fe79f1add41bd0a1cdc4c39
Threat Level: No (potentially) malicious behavior was detected
The file a12d9cbc111475b4b9a497a4a7e9a337_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 15:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 15:37
Reported
2024-06-12 15:39
Platform
win7-20240611-en
Max time kernel
137s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424368512" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000029d547accfda8e1e21ea62b80374d419cadbf9e7f842c29facfc261fc0f0be1a000000000e8000000002000020000000f8b28ae2fc1e3aa5a106cf8b803e26052176ef01cb6c8b524947f7afcb95677620000000679016cb32e23e851fc3a3646bd6c4fd9a7992573ebbfa5ea96a07e8ecba24294000000077b200208e5d40a625c06b65bbea7829b2d5afe14bde8fd399db59153dac544facef4cc2f85c400514acf6a0a54601aef2d9f20c2d68b968e2d8627a87d27013 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a05a8c7edebcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A9104391-28D1-11EF-B918-627D7EE66EFE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2440 wrote to memory of 2776 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2440 wrote to memory of 2776 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2440 wrote to memory of 2776 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2440 wrote to memory of 2776 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a12d9cbc111475b4b9a497a4a7e9a337_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | googleapis.lllil.ru | udp |
| US | 8.8.8.8:53 | images.idealwebtech.com | udp |
| US | 8.8.8.8:53 | uploads.idealwebtech.com | udp |
| US | 8.8.8.8:53 | community.idealwebtech.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 15:37
Reported
2024-06-12 15:39
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a12d9cbc111475b4b9a497a4a7e9a337_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae6b746f8,0x7ffae6b74708,0x7ffae6b74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13256539798043353299,9573912823317810000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13256539798043353299,9573912823317810000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13256539798043353299,9573912823317810000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13256539798043353299,9573912823317810000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13256539798043353299,9573912823317810000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13256539798043353299,9573912823317810000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13256539798043353299,9573912823317810000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13256539798043353299,9573912823317810000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13256539798043353299,9573912823317810000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13256539798043353299,9573912823317810000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13256539798043353299,9573912823317810000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13256539798043353299,9573912823317810000,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | googleapis.lllil.ru | udp |
| US | 8.8.8.8:53 | community.idealwebtech.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | community.idealwebtech.com | udp |
| US | 8.8.8.8:53 | community.idealwebtech.com | udp |
Files