Analysis Overview
SHA256
ce52a0fe59419653f2e550fafb931b1ce1cfe37dd3ca6f4eccf154482a3df754
Threat Level: No (potentially) malicious behavior was detected
The file a11a4bccb793b14637a3aee2613bb91a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-12 15:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-12 15:09
Reported: 2024-06-12 15:12
Platform: win7-20240611-en
Max time kernel: 142s
Max time network: 143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000001433874409444e4d245ed7ea8b64d5f9e24fb939d658537962749f4a042d3317000000000e8000000002000020000000e1247fdb4c6c07e7f4804a1388742df4cb5dc4794580750f2a101e8f6963711420000000c9060f9786c0d1e938f3cd205baa54969d5f3848ce55c9b519ad436b723efee140000000995f8ecc47f495c5ad98a16c6ea7b183257c05b9369d3ef540bf7614d39b136e2a97a505c3f5e90b6c6eee10d9de7e7802170858786d2420fb25c068a2e32ddd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80fb3da0dabcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424366847" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CA82D7D1-28CD-11EF-ADBE-DEB4B2C1951C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 636 wrote to memory of 2108 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 636 wrote to memory of 2108 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 636 wrote to memory of 2108 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 636 wrote to memory of 2108 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11a4bccb793b14637a3aee2613bb91a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:636 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | makingdifferent.github.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cuerosb.googlecode.com | udp |
| US | 8.8.8.8:53 | www.hostinger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | ho.lazada.co.id | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | media.go2speed.org | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| US | 185.199.108.153:80 | makingdifferent.github.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| US | 185.199.108.153:80 | makingdifferent.github.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| NL | 142.250.102.82:80 | cuerosb.googlecode.com | tcp |
| NL | 142.250.102.82:80 | cuerosb.googlecode.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.234:80 | ajax.googleapis.com | tcp |
| GB | 172.217.16.234:80 | ajax.googleapis.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 13.33.187.7:443 | media.go2speed.org | tcp |
| US | 13.33.187.7:443 | media.go2speed.org | tcp |
| US | 104.16.147.108:443 | www.hostinger.com | tcp |
| US | 104.16.147.108:443 | www.hostinger.com | tcp |
| IE | 52.19.123.128:80 | ho.lazada.co.id | tcp |
| IE | 52.19.123.128:80 | ho.lazada.co.id | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.jasfora.web.id | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 104.16.147.108:443 | www.hostinger.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-12 15:09
Reported: 2024-06-12 15:12
Platform: win10v2004-20240611-en
Max time kernel: 149s
Max time network: 150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11a4bccb793b14637a3aee2613bb91a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeefbe46f8,0x7ffeefbe4708,0x7ffeefbe4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5352 /prefetch:2
Network
Files