Analysis Overview
SHA256
66b5fc3f9da38974d0b224fe836b07588e2f37c26619a309c44b8c8c1efcf207
Threat Level: No (potentially) malicious behavior was detected
The file a1bd57e0f14064d324a78fc7873ce539_JaffaCakes118 was detonated as an HTML document (see the Processes sections below) and no (potentially) malicious behavior was detected in either run.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:28
Reported
2024-06-12 18:30
Platform
win7-20240611-en
Max time kernel
137s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378766" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000d7eac156e0ebaaa1f44976dcd203e6a625a2c863e2eb1d221956f1473580ad15000000000e800000000200002000000038806ff8f4abfa1927e7b431dc6c2546763270f08490551b95a495cd748eab9720000000b2cffa870650706f4bdec6ef1958d219443182f926bc434370f43cf5da32afb9400000009a1128507541cf79178e6ab4ebdb4be779295835b438e3f8be9b486bca1e0539b78c845ef1697afe9b1693a6ebd29f2f13bff51ab54c3b88e326d41e705defa7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8972CD61-28E9-11EF-AAC6-46C1B5BE3FA8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c045db6bf6bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1768 wrote to memory of 2816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1768 wrote to memory of 2816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1768 wrote to memory of 2816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1768 wrote to memory of 2816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1bd57e0f14064d324a78fc7873ce539_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1768 CREDAT:275457 /prefetch:2
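The WriteProcessMemory rows above name PID 1768 as the writer and 2816 as the target, and the second IEXPLORE.EXE command line carries `SCODEF:1768`, which is how the IE frame process passes its own PID to the tab process it spawns. The following Python is an added triage helper, not part of the sandbox report: it parses those rows and accepts the write only when both images are the stock IE binaries and the target's command line names the writer via SCODEF. The PID-to-command-line map is an assumption, since the report prints PIDs only inside the signature text; the row text itself is copied from the page.

```python
import re

# Rows copied from the behavioral1 "Suspicious use of WriteProcessMemory" table on this
# page (the four rows are identical).
WPM_ROWS = [
    r"| PID 1768 wrote to memory of 2816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |",
] * 4

# Assumption: 1768 is the frame process and 2816 the tab it launched. The command
# lines are the two listed under Processes; the report does not print their PIDs.
PROCESSES = {
    1768: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1bd57e0f14064d324a78fc7873ce539_JaffaCakes118.html',
    2816: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1768 CREDAT:275457 /prefetch:2',
}

# The two IE images that ship with Windows: 64-bit frame, 32-bit tab.
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def parse_wpm_row(row):
    """Split one '| Description | Indicator | Process | Target |' row into a dict."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    m = WPM_RE.search(cells[0])
    if not m:
        raise ValueError("not a WriteProcessMemory row: %r" % row)
    return {
        "writer": int(m.group(1)),
        "target": int(m.group(2)),
        "writer_image": cells[2].lower(),
        "target_image": cells[3].lower(),
    }


def classify(event, processes):
    """'ie-frame-to-tab' when the write is IE's own frame/tab setup, else 'review'.

    Deliberately strict: both images must be the stock IE binaries AND the target's
    command line must name the writer PID via SCODEF. A non-IE writer, or a tab that
    claims a different parent, falls through to 'review'.
    """
    target_cmd = processes.get(event["target"], "")
    m = SCODEF_RE.search(target_cmd)
    if (event["writer_image"] in IE_IMAGES
            and event["target_image"] in IE_IMAGES
            and m is not None
            and int(m.group(1)) == event["writer"]):
        return "ie-frame-to-tab"
    return "review"


def triage(rows, processes):
    """De-duplicate identical rows and classify each distinct writer/target pair."""
    verdicts = {}
    for row in rows:
        ev = parse_wpm_row(row)
        verdicts.setdefault((ev["writer"], ev["target"]), classify(ev, processes))
    return verdicts


if __name__ == "__main__":
    for (writer, target), verdict in triage(WPM_ROWS, PROCESSES).items():
        print(f"{writer} -> {target}: {verdict}")
```

The check is intentionally narrow: it whitelists one well-understood parent/child relationship and sends everything else to a human, which is the right default for a signature whose benign and malicious uses look identical at the API level.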
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.buscamais.net | udp |
| US | 8.8.8.8:53 | ads66019.hotwords.com.br | udp |
| PL | 79.96.168.112:80 | 79.96.168.112 | tcp |
| PL | 79.96.168.112:80 | | tcp |
| US | 8.8.8.8:53 | fuzzylogicinc.net | udp |
| US | 206.72.115.132:80 | fuzzylogicinc.net | tcp |
| US | 206.72.115.132:80 | fuzzylogicinc.net | tcp |
| US | 206.72.115.132:80 | fuzzylogicinc.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabCADF.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarCBFC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ebf8352213cd388b45132b07826f156 |
| SHA1 | 5abbbeaa5b8587c28fd7eefb3f75a68d5778842a |
| SHA256 | bc360ce14c21d1802554471c168e64b7319953251927f85224b371668c543eee |
| SHA512 | 7c441f1f877208a244e60cbbe691cc68f6d885cc69e92c05a1e4567bba41fae9cb2a11a4e201fe7f4caf8d47063b1f2aa04b3b97b0080b188a56f62ddaaf020a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c98df1d32aa423b27a9c161e69d73d6c |
| SHA1 | 76a1ed43f509b9929ff253a8621d6099c94c38e8 |
| SHA256 | f5b3cf025408cea87b53ec62b176c8bb911ffd57a2151b8c0aa1d7e2211d66d8 |
| SHA512 | 7c06bc5186b34c327d73cdf042797adf8d56ccb5ed6101e3580ec04a1d2ddad4369a10cb225e715c77fe44acf966044339d7bef863f9c1fcd9b686bf8f12564e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f54f76901ac70e7df80e2cd81e11b8e1 |
| SHA1 | 5b44d3dca25a649924240152c9b80a3af049d912 |
| SHA256 | fb0bcab2c01ba0b6752c84afaad9c32e34972e4c0818b2464d5e6a789404301d |
| SHA512 | bd673ff65e80305c7c4d722e586026593f1283fbb5076330b051d7b4020d4acb9d46ca1f6de51b7d806d18c10773001d0fb15fb2b61b6a92720913c9490dc700 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9057ff6a07fc73e9b80c140c7e158b9e |
| SHA1 | 1266334c8569ca7ab26aaa8968e03e9a70426799 |
| SHA256 | 5877f405f3ee668f7e74e37f4a0f629e727f517a0953ae9b186c49daddf3ce5a |
| SHA512 | 02397e003173db8ea2a078c65bf483309f507dfe4324c91965af02fa348df47d882d9ea1311f9e817d5906081c1d3cfc70025039fb35cad2c3b370cafd7702e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a2eac910b3dc65740d973a9f826b175 |
| SHA1 | 9d802982750d4d01f44617e26325658f952bc40b |
| SHA256 | 14bc739047ec33235debbad18e6a981ae07c23c10dae278a4bcb134174d5ba73 |
| SHA512 | 93c62af82f6ba8ace451f5b8c9501582cb26f447432fd52574ea834837a23bfc02aabb78ce4ab6c92e8e6a207307746d77cbbe189a8fda91b72d57dde751381e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebb370a37076096bc7f03dffada190b6 |
| SHA1 | db3f6caf0f6e2abb6243a06d38d67a72c56590d2 |
| SHA256 | 2bd33ee5e053ea235cc868f0c5d0c69d19a05b1e6219ab83e2ebd2a68e6feb64 |
| SHA512 | 35ffd5ad60311cbe1c03c2f6f7d275a808f9ae0dcdb3c34f0cb40950cd0d46825ff26f00f4d8b33cbb019753fe15c2cd84c3835491d56ce85e4fda0b68cfefbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd388126ef026b51c9d7338adeb97829 |
| SHA1 | 90f584d09edcabec48ec1e6619ab0aee95b2373d |
| SHA256 | 8f394638a736f2fdb0b49267f06852549a873c68c1d33d110ea376ea81073ea5 |
| SHA512 | fd47fa35128553600bcb4e9a3e86de44db961ddf964fde935669aec734ad8f603b6bbb4eef59a112d4b952eba34c857d8278b9991fe12be87698723a57fcd153 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6338124b53ad85cfa04f5e45de3ee1ee |
| SHA1 | ccf88add5ad4e9c899b0471ab2c2a739425c0ea2 |
| SHA256 | c5b82745f074080b338b5f20b390149d924a663140dd881ab3377fbe1d5b9683 |
| SHA512 | c4dbc4d036fe0dd34a65cd1bd1707714971a3a91cae1e1e29f3a4f37574198d04cca2aeed5e2d627840d37ad494a7b7ecd0f79b73eda91b0ffdb0b671ea630c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec14572b9df59b94cd9864f279d42afd |
| SHA1 | 95ec4a0a5e2671c32c858009bea7d1fd922f00a2 |
| SHA256 | 0c313b2fd2559ea5bddddea0d4573b8330a104a4e2194ff621da6860bebfe9f9 |
| SHA512 | fdf667ef96f9d6484e2eb9fa0de3e5d71da26d5b570c296881a09923bdc67dc372578c85e896fdfec98bb61471dd4e0334fa95eee705db45dcc5d48f7f33e9c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6c6e8bc02eddbbb41180ffd763cc5cf |
| SHA1 | 432285014f3327d04574cd9079d90fb323caee48 |
| SHA256 | cfbd9a45f47961c6b265b9983b3ee34f9f3fdd1954a0264a5587f6cebd481a45 |
| SHA512 | 0b055968b840f0d8c82337d4ce091b426000aea97924c0b19dbb36c01850755fb560a81b05df37c38be4e9bc770d660746ead5349e5e6bbaeb6e9e2b24a852af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7e7fb08c1f7252d37d7e582a07f50e0 |
| SHA1 | adf23637a2285e821994b27afd409761160918ef |
| SHA256 | b3773c439f7a67be5c3ab93af16db9053f43c79e5fd9b729ae914aa50cf2c42b |
| SHA512 | 0ed1babd9b4cecbc53f1e41e05815b8b4a759ab45bbb312ce14a90a82cb34eae85a33a39a54459be13e71c12b5b3d55a654212b1bdcd705064bd812c46828b11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85b546ab7ff030412451688038669cbb |
| SHA1 | 836ba82442bc40131893bc048bfb7456de17e08c |
| SHA256 | 38a05ce8eda36b14076fe8f3e6926e3b031b9286e6799036dfdb766c6bf63b72 |
| SHA512 | 2c0fc01b15eef7231eccab6032090bc14bf79408b8058f2cdf7a7475c1b3ab3d939a119d217db7413d1f3372b81b092971f2d8b9604cd3214d2a4b4f8cacf435 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19d160348c57efa1762e9f9e4c04f851 |
| SHA1 | ecd464d7e31efdb36128ecf47c514ddec0fbc53f |
| SHA256 | edd43b0a965d7adad72c2f817a65e57994da89a9e08d9f49d09ec706c08f96d5 |
| SHA512 | 05aeffc801e3d67b135a94e3893e0107220786d68d009f27ac533649918214260bde2303a7bf0d99e5524bec79179f46cdd2585c78033b83533d88330221ac9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f750a44ead5ddf3483a8f558637ad8fc |
| SHA1 | db9f2b9fcd3207c2b0f255d6623238c5420275b6 |
| SHA256 | 0e8a02e66ce14b2385252d97b59d69c3b9c4b9185895ca60e3cf8dc1c70a8ac0 |
| SHA512 | 0f96cac3c8ead42466e46c2480237af3e65baefb78139c4cc69ab1077efe6f1d32ea19a2d758acd00fa4cade3c12b9121afe8cd523fbb52e81e9dd7cf5266adc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69afcfa44341c6f4ca182d293b681b56 |
| SHA1 | d32a77d8654ea30d5f25164fa262286d9ce7dc20 |
| SHA256 | 3176199e0aaf1343117daeca10ef3bc1716e6e0e6d709aa1a5f12bc593b14887 |
| SHA512 | 6d220c8bdcce57400d63cdaff8958c31e803e12a346394dbd868836ab03444141222aba953ae699e437ff8f87ecc8b14590b8958d74c4134914623468eda9515 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 234f38c178802ec72ded417941802182 |
| SHA1 | 57ac3aa39154e8c349039ca8d3b743cf615586c2 |
| SHA256 | afc05efac562c7fb0a7acea388428ce8cbe6c0cb381d16aae5c7a31bbda46ef4 |
| SHA512 | f9ed8e003ce9caf229017c6199a3b0ccf99fef6c7c8dd4fb96c86d7bb1b4832401eaa904304a01c13d80ce817e928fab24cdc10d71067025613b47a8deae4756 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d64c2079ce08846aff7ea9f829b752b |
| SHA1 | 930deae851617cb089c5dbe98224016589b73604 |
| SHA256 | 2cdd452bcd69d149d224e5b69664ef43c3b03bce3ff16f18882f529c1d4b8c1e |
| SHA512 | ca4e9e2cd3cd27aa1998294f166047ded06b9fb40338779c29b641d958554540c2f6ba09d88f9c202853d775ecbfad10295163e1c5cb1f1ca4960187909b6896 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22fdce3f839ce17847948203fd2c308a |
| SHA1 | 0866f98a3a75c50c9ac2947c62c87fc3e2f8300f |
| SHA256 | 9363be3fd67700b37e78f7ae1e5a23ce53732fc84518eb5e06d5cdc278ea0786 |
| SHA512 | d0ea506386f2e43bae3713c0ad35607864d8d3a6fb05ead35ae1d823a99c6fedd96ebdecbda2448ef16fd93fed35e410d3b36d212f99768dc4f907402c4f90e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49e225f71a7a42eda71c9fa5775470f2 |
| SHA1 | 4dfb189775c79f4c83166843e0f799c75148e4df |
| SHA256 | 956559650822ab16382b822b67de2995542ba1268da0797f42da294d58efeea1 |
| SHA512 | 80552abf8bb76dc29b93d571f18bee9411840d6f7dc4a313fa55363ddcd2978135bbcf6c62a380148bd57a7e18b32d5a48a689f59e2be9ba1e783af437adb288 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9ade302bbfb832d5dd0c4ee271618df |
| SHA1 | 1673c959558b2c1a554fdc3b1d3dbb0ffa53b222 |
| SHA256 | 267aebd5d6f42ef6ae782807371d4fb08972821356650e0127fcf026c262085c |
| SHA512 | 98cd955688985dc77f31b08a32f70864b16cee9df929aaf5c3111dcdc4a0c3fa6d1e0d784c5d445c07b0b9ddae68770740ef523d5bd53a154c0bc739685fa35e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0206c3850e6b55330d7e1b105017a7c |
| SHA1 | d844753493c98ecf026ab8362db1ab7abc7baede |
| SHA256 | b6a95bfb701cffb6038b36447561ff52add4735dd91a6eba0d58ba8791afb844 |
| SHA512 | 541a1981be670078f611fd5087dbee7c00a4303f350720e0dd035a90e3edab523d0c42d1b7093f234e5b5faefc5013439815c98278a8c5c5de975fbeb06695c2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:28
Reported
2024-06-12 18:30
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1bd57e0f14064d324a78fc7873ce539_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,17640969040172509322,2977161745827509707,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,17640969040172509322,2977161745827509707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,17640969040172509322,2977161745827509707,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17640969040172509322,2977161745827509707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17640969040172509322,2977161745827509707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,17640969040172509322,2977161745827509707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,17640969040172509322,2977161745827509707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17640969040172509322,2977161745827509707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17640969040172509322,2977161745827509707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17640969040172509322,2977161745827509707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17640969040172509322,2977161745827509707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,17640969040172509322,2977161745827509707,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1388 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | www.buscamais.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.buscamais.net | udp |
| US | 8.8.8.8:53 | ads66019.hotwords.com.br | udp |
| PL | 79.96.168.112:80 | | tcp |
| PL | 79.96.168.112:80 | | tcp |
| US | 8.8.8.8:53 | www.buscamais.net | udp |
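Both Network tables (behavioral1 above and behavioral2 here) mix three kinds of rows: DNS queries to the sandbox resolver 8.8.8.8, direct connections to a resolved host, and background traffic from the browser and OS. The Python below is an added example, not part of the report, that turns those rows into an indicator list. It treats the queried name, not 8.8.8.8, as the indicator for DNS rows, records a direct connection by destination and (when the Domain cell is not an IP literal) by name, and tolerates rows where an empty Domain cell has shifted the protocol one column left, as some rows on this page are printed. The noise list (microsoft.com, in-addr.arpa, mDNS) is an assumption about sandbox and browser background traffic, not a fact stated by the report; s.w.org is left as an indicator because the page gives no basis to discount it.

```python
import re

# Rows copied from the two Network tables on this page, including two rows in the
# shifted form "| ... | tcp | |" where the Domain cell is empty.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | www.buscamais.net | udp |
| US | 8.8.8.8:53 | ads66019.hotwords.com.br | udp |
| PL | 79.96.168.112:80 | 79.96.168.112 | tcp |
| PL | 79.96.168.112:80 | tcp | |
| US | 8.8.8.8:53 | fuzzylogicinc.net | udp |
| US | 206.72.115.132:80 | fuzzylogicinc.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| N/A | 224.0.0.251:5353 | udp | |
""".strip().splitlines()

# Assumption: names under these suffixes, and mDNS, are the analysis VM talking to
# itself or to Microsoft, not behaviour attributable to the sample.
NOISE_SUFFIXES = ("microsoft.com", "in-addr.arpa")
MDNS = "224.0.0.251:5353"
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_row(row):
    """Parse '| Country | Destination | Domain | Proto |', repairing a shifted row."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    country, dest, domain, proto = (cells + [""] * 4)[:4]
    if domain in ("tcp", "udp") and not proto:
        # Empty Domain cell collapsed during extraction: proto landed in the Domain column.
        domain, proto = "", domain
    return {"country": country, "dest": dest, "domain": domain, "proto": proto}


def is_noise(ev):
    if ev["dest"] == MDNS:
        return True
    d = ev["domain"].lower()
    return any(d == s or d.endswith("." + s) for s in NOISE_SUFFIXES)


def extract_iocs(rows):
    """Return (indicators, noise), each a dict of indicator -> occurrence count."""
    indicators, noise = {}, {}
    for row in rows:
        ev = parse_row(row)
        if is_noise(ev):
            key = ev["domain"] or ev["dest"]
            noise[key] = noise.get(key, 0) + 1
            continue
        keys = []
        if ev["dest"].endswith(":53") and ev["proto"] == "udp":
            # DNS query: the queried name is the indicator; the resolver is sandbox plumbing.
            keys.append("domain:" + ev["domain"])
        else:
            keys.append("ip:" + ev["dest"])
            if ev["domain"] and not IP_RE.match(ev["domain"]):
                keys.append("domain:" + ev["domain"])
        for k in keys:
            indicators[k] = indicators.get(k, 0) + 1
    return indicators, noise


if __name__ == "__main__":
    iocs, noise = extract_iocs(NETWORK_ROWS)
    for k, n in sorted(iocs.items()):
        print(f"{k}\t{n}")
    print("suppressed as noise:", ", ".join(sorted(noise)))
```

Counting occurrences per indicator is what makes the second run's repeated queries for www.buscamais.net visible as one host rather than three rows, and keeping the direct-IP connections to 79.96.168.112 separate from any name means the indicator survives even where the page lost the domain cell.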
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_3156_CVCFQNWJNAHJEUBC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d5fb7eeda567bfd37c95f88f21a21e5b |
| SHA1 | 73686faf544ee5a9f274d6a7782051a70c5d2d61 |
| SHA256 | 1c3e493e595b1ae6e2bce87be0a86ca9d53c3ebf92d483daf17ca3b588728cf8 |
| SHA512 | 3548090726fe8e6b6ee42acf308cd0f801208c20c28ff0fb336449060b8a021112c3b70f15ab011ea9284f34cdac3fd841085f11a59ba3e44808bb2dbab1d6d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5f9cb665e60f2a28a448676417de47c8 |
| SHA1 | d45e5f2d9669df8d10fc65a53db613d4ac2a7386 |
| SHA256 | 0c86c412ef3007bc2b531a7308a29925f14c93607acb45195dcbe00c85090fff |
| SHA512 | 69cce67d34279dc20b1653330632560cdecd8c8ebf16040c5144b6568b181dc91c54338ccf37c3ed79b90ad75f9928a04972e70075d34d5ebcadabfdb46a0e1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 09935cb02859a0c692554520ab3f80e8 |
| SHA1 | 12388d872bed9460f5800a0ca4c344523aea43bb |
| SHA256 | ef9dc5f0277b2b37dc15cb19b244fd880397aac02a226d73bd6c0a85c816f9f9 |
| SHA512 | 7631391e0178ffbaae25a6b5f4f026fc9bb8224524dd4e270968aee0ec80c36ea4943c6a87455d2fd6e4a6b8bc4fe0584a2146d60145210fd343fb10d9adbba4 |