Analysis Overview
SHA256
8e61bb889af40b79e93fc78f0e048df996022cad7156e13a4e6c4793cf7bba22
Threat Level: No (potentially) malicious behavior was detected
The file a119dde2eff2b2cc5dd67020dbc78f55_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 15:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 15:08
Reported
2024-06-12 15:11
Platform
win7-20240220-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007a63d22a1691fa4183233f69a46b2529000000000200000000001066000000010000200000001e4c7d133cb0b5133edffcf0eb7bce119e53adbf08ae877ac890869224e34588000000000e80000000020000200000001177acb16d371d51382bd9f382b4806d8aa7e42f19dcdb28833f0348e5ba2f7a2000000093e129ae1e3ab898d70afdbb2f14af6ceb8c8ce4ab8fc2790c7088527760571d400000006b690d0a8e4cecb5d81c0195872e77b976f0abd390ef5811cd4a805f3abc49e551791313eb37eafe1d31fac6b387275943262fd6e3b123208bf12601b6d53e9f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424366804" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90bde184dabcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B04E1281-28CD-11EF-9A72-56DE4A60B18F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2468 wrote to memory of 1796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2468 wrote to memory of 1796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2468 wrote to memory of 1796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2468 wrote to memory of 1796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a119dde2eff2b2cc5dd67020dbc78f55_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.healthcaretravel.lv | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab28B9.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar29AA.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 15:08
Reported
2024-06-12 15:11
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a119dde2eff2b2cc5dd67020dbc78f55_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa292946f8,0x7ffa29294708,0x7ffa29294718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,27488093736411466,15593605299884983170,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,27488093736411466,15593605299884983170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,27488093736411466,15593605299884983170,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,27488093736411466,15593605299884983170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,27488093736411466,15593605299884983170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,27488093736411466,15593605299884983170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,27488093736411466,15593605299884983170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,27488093736411466,15593605299884983170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,27488093736411466,15593605299884983170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,27488093736411466,15593605299884983170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,27488093736411466,15593605299884983170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,27488093736411466,15593605299884983170,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4600 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.healthcaretravel.lv | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.healthcaretravel.lv | udp |
| US | 8.8.8.8:53 | www.healthcaretravel.lv | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3032_SQZWEPAZLMFMVMVF
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT