Analysis Overview
SHA256
34f96f9c888bd70f52b83d3be72ac170e8c4cba1cdf6c48f3aeea58820da2c43
Threat Level: No (potentially) malicious behavior was detected
The file a119b0246697222f7d25600a773e5699_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 15:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 15:08
Reported
2024-06-12 15:11
Platform
win7-20240611-en
Max time kernel
136s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000479de66d0046cdef33693674a342813b56e976bd140e32bfbfedf1762358a6f4000000000e8000000002000020000000031e969413cd37d595dfc334f0e55986155d55cf1501cd12e75e903cb79acef120000000d4c38918b4779450432e19a260a121b55895de7dc1527b85c6b3d53ae722b8b7400000007537c78eecc02ce279bf104e9bbba0f23d1ae775323780fa30e1e91a5ce831213db67c964b307a34f66f1e813efd08629eb20458ec0658cefad89b558fb1025f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5035cc80dabcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A7DB4AA1-28CD-11EF-AC4C-424EC277AA72} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424366792" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2140 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a119b0246697222f7d25600a773e5699_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab9206.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar92F3.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f360f4957a0ade410cfabfb4dc994b4 |
| SHA1 | 8bdc413a3172e4abfc50cb2c1bcd0d5a81f6bd3a |
| SHA256 | 65eb814c5d8be0c47c1109acdb90566c4424c6dc45d3f8a66473e76f25ad060a |
| SHA512 | 4dbbcdd40b7ab88d77cdf0fda082a3b0582a1d826dd85d8ae7683955e74533411237020dd66d40a62b22f121586b580233e3aa27ed9a094d18c988fc0a261470 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a70a7e5357a18f10ef7fd03a5b6a75b |
| SHA1 | 508a5435bc20b3cda5e4ec6920e1a5c5225e8021 |
| SHA256 | dcb94e1788076e2d940d36d0c0cc3cd2cd362fcd9ba4059587794905e3efafcb |
| SHA512 | d3da43dcd581c83e519bae110fcbf659ababaf12091e29fb16211c9f4f35437e8788f5e5a0c7c8bd2924d4027b92aaa9934cf9ce06f7879291d57e0275632f6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 384c314d0ea67ff9d2974dc4aaab791b |
| SHA1 | ac2a497852bc7c90a9e50bb3020711236eb5e105 |
| SHA256 | bd8d61bdcfd583f340302ff5f1b8902aefd93feae9cd48dd6b707da598340fd9 |
| SHA512 | 0fcac4e7913d4e762c78902b115c8a35e60163dd50e8db12ee2f58ea35e288d3c40ed42522d260ed494a0588417ad25dae2170a57e9523c7f1cf4a53dff7398f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f3fbaae4671c33d7c5079b3f871d832 |
| SHA1 | 4b39ea4a49c46ea0528d7c95840212b0644753e0 |
| SHA256 | 10823cc93bf51dea2d82559bd23b6cb87276f9b10474021bcd46ed78283c4332 |
| SHA512 | 6fd80c2b6b5a3fec30f414ab46352cc70d15153a776449783cb2c7c2207d07fa7e0af4e1eb9fa56d18d599e14c9161c4323af1b9137225640359f711862464f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d640a81f1f5d62a641d61fed710889e |
| SHA1 | 5e9103794bbc5f221ce227094e3d3faea5f3ed44 |
| SHA256 | 67f6cdaabe2601fbfdfb5d72ab2bc538ca9e438fc1b829a5fd9d9973b2b8c29a |
| SHA512 | f770def0e4af7fc89c8c995d07b3ab92b00a0b112193fd41fbbd01ce7b4b4229f1bed29a02519b853a19086bb8970f4c33f173c8b7c156f23f2dd696b8bdd824 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6b2e9eaab4b7f822d5b423d8cde80f6 |
| SHA1 | 2aeb2d53020e1e3e4b05a7539e83c136024fa314 |
| SHA256 | 0326ccf14a776feeac2cd71cf162cccd413364988f710f64777c272a4e4f5f49 |
| SHA512 | 091be292f75eb64f1030e37bf7c03eb8086914d6542db594bf9a34d559df883bd31fdac0e96d90ce8de924a9d72d4fa1ef6e663164a21f9a7bdf70b9f5a3da21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97c419cd7e152a4b77bde8df65df6a58 |
| SHA1 | 443454e43301ea2035c6fddd3881e70f8a60d6c6 |
| SHA256 | 7cb5caa7f5c767301dc8cd3d2be8d231d98ff6923e41a858778bd271f06ccc9b |
| SHA512 | f053da602c973cade5bbfef492d7dbef4960a31a081206a8e42c80caa74f658c7e6195fab7cbbfbf0647b1426553821fdc813d1ef6acf079cbb28bd94d057e01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87a837e4f8076f8c2c339d63320bdef0 |
| SHA1 | 3362694b4e89c5d6f593db179df9706bc83f38da |
| SHA256 | 2b895b02136d3a715c760a66e7f1146986c0f46cc608dd582f96b7de4504c139 |
| SHA512 | 109ca5fda1904ef72e3ceac47a5042eba0222d317b4f3241a9dcc4fc48306cb8dc5419998d7f497889ba4bb090b747452197d4dee9cba42d7bfaa7842975eafa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0a1e4869f4fa27b0dfbafe59cc5846f |
| SHA1 | f36898ae94b357fb5bcccbc1c653c08795ef1d17 |
| SHA256 | dae52d89d1036ee01ee1155fb556f899877ad46e6a5e8cb731c84773a8386b9f |
| SHA512 | 22ff232a39f6e80161604dcba8ffcc604e42918f00992d690a11b42f8d2d7cd00f9ee79fcfec3e6b0bed0f9821e0ffa3036906271be70bb225cdc3ae2ea98eb3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10755365d446367e56a3d188cc026571 |
| SHA1 | 8f288665b6ad0dfe3dc5f17cff2c7c99b3b26e81 |
| SHA256 | 38f81b45d71d95b75bc0415fce9617c345e766a1e33e616d0c24d7b90d04e2e6 |
| SHA512 | be390072e60ebeff4b6717c436b31357fb0e30fafb5b8cc793421b6e13fefc250d6c27c4bbb4b2110c4ee097d4122268ea7d752120e1adc0181bb1ad41013df5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9016aedaee8abe14280090df2b7fabe3 |
| SHA1 | 12d57ff7e9e0a4efc73ca124792baecbe3daaf5a |
| SHA256 | 38b02f9a50e0f0571bd1fa1954504d6f21ffa5d2691363136e913a384a57fcbd |
| SHA512 | 9dd65301e985c654002cc3a2baaaef53f3c160411f7676b774b5a05b2429fed57c5c712907622e9d3a57322d1e524702291ad5ab62b1e0ba0a09249c9a396aaa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66a06e7c83e917f1e2c92b56733cf1cb |
| SHA1 | a4c8d0b945bca0353debf93c4bf220b4f0071b33 |
| SHA256 | 845bfd6a04d120c18d33473125ed312bd4f95afc7e64fe551fae5250b4fb466f |
| SHA512 | 9f375bb04727f442130f96ba79861c455dc734518215eb035e157dea745580d43f6022244f08ce5b72f85685333bc20983d5f33caaf063ca63f5d82d03837571 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6aae48ae941b34709795c4e69f2345c6 |
| SHA1 | a9db4c7686ddbce7be587bd7b7f8409243a4c2cd |
| SHA256 | 221eec66219dc57b27a465083697130fa659d894a1c9d39ccc4fc2f2fe6fbf13 |
| SHA512 | 5f9dba6eb2688f53934f34215d5b336ca449ecfef8377082d90940beeb61e4eb2c9474917c119847786851a4522f3d5f28603ab329a6530615b9b5bfae7a3ee4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45a0acef107ebf59beec90e240af812d |
| SHA1 | 6d4b2ab1075fe236ca4720d2b7982cee6a07856f |
| SHA256 | 0899e8e0ee929b2612c19324e132dc7d7bfca93c7294d869bf68c5046113de86 |
| SHA512 | 3a6c6b9a1ae8da6ebd87d3eef57dc2e0156d13d3a9edfa0051553b7cb233aca9ad4e1ac80cdbef149b7cb16b3f70f87728e6b2bbe92b0cceb20779273f63f9c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29e3a77200c4d5336f8d195cf40d3f5b |
| SHA1 | 689dd5fbca2c89eb6956fcfcc5e7fde8a519aa7a |
| SHA256 | aaf71431f63065bc2fa31b3b05e6ea58d2ae844ab16d3a89f6d2ce7f3a0c42b3 |
| SHA512 | 3a9c65bfdb40b2c9f6494dd4646d0c94813759e5bd1ec304c9bea995014d477eec001ee09b828b0d8c0bf62698b8099ab1facc15dcc575b0aa06818fb223e46c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22322ebe94c2f3c22180dd09599506cf |
| SHA1 | ecc81cd7c54c959f416053be75232767619235fc |
| SHA256 | 4ae9ccde638967dde55aa33133445e7ea22e51830f939a5fac7c2fe4ac85c391 |
| SHA512 | 636dd8ecd0a227a223514dd1590f55bf6f5a6d67d8ecf7969c6f888a40dfae2d7c5493e6754d20b3424aae4a3297b87b4f3419c2f290e94010369a9ba621e11b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a147d2ec2bad66e05e95536e46033cf |
| SHA1 | 7f6387d9a8bbd39afb30c4f0370de04ec2897d14 |
| SHA256 | 44397e4b2c7ec1e1dbf06034b73a181ee8beb03cc801d4b3f905d4a33ff8e00a |
| SHA512 | b5118ed9db9380cfe98bfcf4cd0e9abc3c5a48e4dbe4f46ca188e6ccb281aa50e0dfd97f3d47d318098f39f0769a633b1003addc56b379349fa19ffa4ea11b96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a25a17f180d87ae0ecd14d8d2095e38 |
| SHA1 | 45441299463b93f98f638643bc39f3d0611d34a9 |
| SHA256 | 27ea0b68c923646276d8686f522d4f248b8f71ff35c851ea7839775fbc0447b9 |
| SHA512 | 663c452025d52de286a3e493bda1db2623b6d00798a515267627a2dee5c38ae2d50c9e2fffb88f34a289080ede653b71efdd663d2cf19e39a8fb9c477dd35603 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 930e44c1357dfd2447ae0a9610ab1773 |
| SHA1 | 40ae7cee003be2c4413a6eba90dd677db5197404 |
| SHA256 | 04ab8a90c5a51d0b61d2169d9a49a051c47556c0f6fa65e08b6b8285a5086602 |
| SHA512 | dcf9f1fe8b05bebabf8d3025ac08d86dce0aa739935995a912cbe34a2ecab9652e54c3961ddafa53f280a850a9fa3eadf3b4b0cc0fc9646c05c75998e02881ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b0b8b0cc89b58b55b1122babe539ab2 |
| SHA1 | f106f075a150125970f93df256b67a5bd6489280 |
| SHA256 | 28ec178695174805d19913791cbb658554a6a37cc161a1b1c99ab7bc2b2c3d82 |
| SHA512 | da1138fd4c3f9ae9ba6bc04d85f61cf9f18f97f5009a14938cdda61e0be606a550a181c2b56aff1d5f749920ff2de82684941f137ae56ec6f223687ea6d169a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 590db81043f18f220745690081d5fc1e |
| SHA1 | afd1a365317d5d94756fe4aa9f863236f382bb5d |
| SHA256 | 3850da0ea670ff19871fd1413b6562be9e8ad40ad4b193bc1db28c8ed4053f35 |
| SHA512 | 5681ffa2a4f538a99a9a879ce0811140ab9bcc99efb757efc6de8da1d9a757d66609c10ca92f933e51c39ab2e33670f81350cc7553566632266e6fbd3e5d79e0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 15:08
Reported
2024-06-12 15:11
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a119b0246697222f7d25600a773e5699_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff12b746f8,0x7fff12b74708,0x7fff12b74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,2027836841978373525,13330227686873172705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,2027836841978373525,13330227686873172705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,2027836841978373525,13330227686873172705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2027836841978373525,13330227686873172705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2027836841978373525,13330227686873172705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,2027836841978373525,13330227686873172705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,2027836841978373525,13330227686873172705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2027836841978373525,13330227686873172705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2027836841978373525,13330227686873172705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2027836841978373525,13330227686873172705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2027836841978373525,13330227686873172705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,2027836841978373525,13330227686873172705,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4268 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_2120_LFWTBEJHRYWZHEHD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6e7096a2ed51e416434754adaebbc5a9 |
| SHA1 | bd1f9a0d82988b42c0c5f20b4dbe3c1f205eb449 |
| SHA256 | b4a93be819245d4663a1f4cfb388a4391934239ec656f63c2505c9f475559521 |
| SHA512 | 47896b889b1741fb108ce152aaf7000da6d44e4a56f7d8474623f62b95d8d65a155e3e0d95b2e46828f63a1ca598b545d56330d9a329e9427daf2ebb3b7a473b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 155fb464da2146616bc05bd328fbe4ed |
| SHA1 | 7b1dbd12b0692e917ba9eaed1921866ea8a06d86 |
| SHA256 | c9286039147ff3e92bf1a53f56b867f13b7e1ba38bd485629bc6c42be9abd644 |
| SHA512 | 8e88d09cd86948191aecfb2096960511c0c062abf8716b59eefeaad589c1f2ca1678e7ddd0e2eef321872304b96883af0e239acc1afcc48596f7b4c5c8189581 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4e7042538ac0902933bea79962f5e3bd |
| SHA1 | 4aea2ba56f9cef03ce137735ab94c1e9c5c63cfb |
| SHA256 | 7ddca774f201ebe2eba335c13275c15aa345aa711892513f4510a150fb1b92d4 |
| SHA512 | 19d125d0bb1faf112f091647a4443a7eb9349dba199d7821e4a6bece4e3fe019e99383b69e082fcdeac6feef5fc624840ef26f6aaf000eb31b4b914caf752d6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |