Analysis Overview
SHA256
5ce3fa670a2908f580b163c4b1e80a5664862f0464ae6925f4bc22266184f231
Threat Level: No (potentially) malicious behavior was detected
The file a1cc13048886426ba613cad47d71cd83_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:42
Reported
2024-06-12 18:45
Platform
win7-20240221-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fc5000d1a4713b45a5dd7b610203786400000000020000000000106600000001000020000000b0113065bb3b1a5bc8fbb21961f37fa3985384255bb7bc28995917c40b77f14e000000000e8000000002000020000000e263e7ccdfa6067a9a46fb75200f081dcbcda3123578ce54670ae8eed747ce3e900000002eb57e1c51bf13f4695de6084a7075df90f1f9c85d1e9804c32d31ea7ddf577ee7ef9e9d76a8442bc765fffca8bc2dbf389cf46bfc48bd17c8f0c2da23d28b848a6c39b5d6e9797bdf01356c17fd505ef50d07ca655e56ea254279cd112e332495cd5da0e4b594278ca05283ba91158cbdc73d06fdde1b44185ca3330d82a1aa705068a08684d5af9fa24c71dbadd624400000008853548df19949be52803bd86639a73bf75d1d87b307629a646e141a074f281e03a2fc893e996a2593e2b59f6754c2a84b95227f55336941ea9c22552903ac76 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fc5000d1a4713b45a5dd7b6102037864000000000200000000001066000000010000200000002fcf1f71a64f52c6395358bd3e187768044b2f7272730bc86ae3d4acc59e6993000000000e8000000002000020000000fdd5efeebd912e7ebfcb5db47212293a46c909b47c02aa2ecb6f32209ee2893220000000abbdc91ce1c2f0d1d149051322ab890b701293d7e36af8c7e959cb49858ff83040000000197003d075a889612a0ea7c64fadf6eb170f8f4258f24928f84e1b4109881c4f3d69dcab79e95b3680398942dee9443d57678f91d8933282d6e39527f4b5ca27 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424379622" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{886A82D1-28EB-11EF-97AC-52C7B7C5B073} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c014f260f8bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 856 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 856 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 856 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 856 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1cc13048886426ba613cad47d71cd83_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab433B.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab4417.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar442C.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd51b158e77f9384f5f49d0f002f1602 |
| SHA1 | 87bb65e6320e7ed70d0a86496cf52b5ce05b2617 |
| SHA256 | 8b3fd8cc271f25152b2dcef690e53bf1953e507c853bfdf991e2e2e618ccc9ae |
| SHA512 | 86a6c9c836358ad1462d156a7afadb7ae817c32506afc6023c099544d1e59d554c9b80eaa2d43fe8ef4932814674ae75b9c69d4cc8c5aa2711db7f0bf7d18715 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8f4fe9325bcdaed2e1d5e5eceedc349 |
| SHA1 | c9c53a89577dc9f147521fa12444272482f6b8a9 |
| SHA256 | 4df1e2d45efb54114f63bc70c9b0e72ee53bf65ce283c2220d3f9893fee7cc4a |
| SHA512 | 45e55c76d59caa350cfc96dc96a6a37c517ee656f06215965bdb6b09f39af8b05a998fe9e11834ec6fa1db18cc8e817f30c04b02a5511e5663eb7b13fd28c33e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 627274b85e57e208c136372a9605ef65 |
| SHA1 | ba4d37311a72a21a90e9da3e7b5e8b02bb7cecce |
| SHA256 | 8ffd5567d1bfc613d7f96a2da92e9b750b14584b8a7fed28ca2b2a10b4fafc44 |
| SHA512 | 4101ba6b76b02b1872d2c63f6ca6253d9179b9aed927ffa39ff42145171b261dbc50f05438fbe86589cde0884a029bcd2af1b700cdd4707ea7cc50af48a657f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f5c99db42faaed1205aedaf1e937088 |
| SHA1 | c4210e943479194beafa7dd631eaf4c357b03f4d |
| SHA256 | b529af5f65d99395e698c1ce41417756bb3d6d8239129b3b3661f22320a9d79a |
| SHA512 | 3aaef80b7163245bdaaf01a2231f4575740a7cb40786a3528c1e3c3ab828495f2baf8a1e1a330a937b8412d5f5193183a46f17cb790277bedb6aa291000c74a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67bee9063d1b85ae1087be0b9bd624c7 |
| SHA1 | 3c9fc5c87dbd0fa571a64d9661bfa10e6b90e1b6 |
| SHA256 | 831b949ec9912ee3bb087fc038b1fd43ba166e69cbf3ca838d905af45ee27862 |
| SHA512 | 0e9f1f63b5657f9551a0981cb42d668e43c4ea961f86a18d03f196bb3ec6aa25dfa0379154a9747edfb2e0bf0f6c60b9f575789a26c1e1cecea42c940a447845 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37e5152658b901ec369ecb46fab620ff |
| SHA1 | ce9979030555ce1f34106b36abc4ac594c454936 |
| SHA256 | 9ade2eb630e0bb951b4abedb4f24e9c035faa21c3d47fac5bd82ede7192f5131 |
| SHA512 | 6ccebdcfd9134b2c5cb0a2446293ee556b81bf28c487efdfaf4cf8c46d429855c227c3dfdbab4f646e41a38ab2e76c46de90218a27bf23f46dc5d51bd2835adb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7280107d6913d3b0afca76ec71aa87c |
| SHA1 | f7dacdfe559749bdc02cca1ebc47a2f39bb4fa2e |
| SHA256 | a5739be76713698b081912790331991595eaaff1cad7c20151679c0e13250eb6 |
| SHA512 | 755e905c77da0ede6b1fad86d674f8164cc41b1b32ac97d7409c8083a5e8d65c0af45e97d4d1101d9958b4b6637345d40701de393eb641cdc4651c7d891a90b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b206ac22f1a1de79d769506680de7a2 |
| SHA1 | cb5da7ff0cdadb5a30f8c0ed684b9f2cd1578289 |
| SHA256 | e33df27628b6464738620150ea7ca6f263e2b2920765d2c7fd59ca82bea8c825 |
| SHA512 | 05232ad3db201e2ea6ea65ec77e655d1dc12c5d5f70306b6f6ba639085fe8c00c1ebff1fac2e8b0a0723550706377a043b3e8e375c19118a8459070bfbc67f48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 996c85fcc629e8e016c59d71c3836d86 |
| SHA1 | 7f525cc03913135ed48e0d4b7b3719d844489f08 |
| SHA256 | 94c00aacdaced57d87a9fd4772ed7407332e892847b621a8636e4678dda835c8 |
| SHA512 | 85ac38863646b5e470131333aa3564b9e3a93807f91ab129789e2ce10d75c10ac9c14a08ba00729c90499b313b2014da2d1942a0ce47d8a37bc767070b4f71f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68e6205b0a27371f24796e630742935f |
| SHA1 | 4f310abbaf7b3cd797fca06c4d033accb6b755d3 |
| SHA256 | 8c94b31a2bb4b0dea6b0faadd4be9e68bc2bdd2b5fc1d98d2b8f99180fded6d0 |
| SHA512 | a448c85345030c59878e4d9c2c30beb6efd5abec17be705c4633141ebb701c81d2c65d864e86a7e73af3e6943fc8e445ae95bd06fcb2645c29662af15b729163 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1bf37a5355aa32b643e21a85a32ed3e6 |
| SHA1 | e3d8909dce3fbe9faeafe098dd8ed6e3abfd2d63 |
| SHA256 | f9ef64c67a0792b4e9d645a1ab0af4c86b4f1aced2a759a9ed2848efe4ff61bd |
| SHA512 | 0e5986d5ed3427710f3df53558a21836c0748cefdf93af42c3ed13093b2edfe808fadea20ec24e243305aa06cba2e08ac6230048a3c426777c10e1b932c5805a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fdd1a86f4b5a305c557bd41b288a89f2 |
| SHA1 | ef44bf9750c179fc101e83af0aa8d3d1973afaf9 |
| SHA256 | c0b96fd3fbe0aba5bbf3c72ab4933b2004cbd1ff168ce587be85a4e68dde7043 |
| SHA512 | 0612eb1ca898ca760e1cb062e6bb9db3ad011980190f883ba87692ee98e661ce636b3e9db6d1398998686e1518703650e885e1ed0ba37e3e7dc0fd8e1fc1e7bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f84ed1827756626b5729789c57d9aac3 |
| SHA1 | d89ed89102475813b106821156e25d8ebcfd70cb |
| SHA256 | 8174d3c5bc60b70d10d6607ebaf2c49ae138e4c4aee4692b25320ef23001913a |
| SHA512 | 5c423bb3ee6a0f3af62f5a50d0b2e20982307ccc24d78a6eee0dad1744c03aa121ed36e59759ee75310785e7f7967eca5794358593a244e1d6879f88415458b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c066e4c1b058f5b121533c2c352767f |
| SHA1 | 6586588b8546aec0c4f74299a0e6b90f2151ac8a |
| SHA256 | 3e6a83f51279db65ea1c956253d869fe7de87f504ae72711e0b00365fea2608c |
| SHA512 | 509ad695ff55c3498ef0e078a59f300958b13be87b94b8d78d92eb64bc4d17c1b0b5238cd8a5a1d50eafee48df56b8c30a9ec4d81e23682296bd40e89a6c3e4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bded84ad5cadeeeb5e7ca229b64d6756 |
| SHA1 | b13589aa31369fe7a5b586668ad655ca741663b9 |
| SHA256 | ffd582d69668c013e23aa8da86c8dcd4fdff2c12defbc4b835d25fae56277983 |
| SHA512 | 5ad981267eb59a65b16e7cd01cdb3401f196e8af1e78df064ff0c61687ea023812cfe537944a9b9f07bcb0f7bdda45d2c0c802e048f7032a878823393de04443 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 053b7f9a6c24d75111ef39d4f4e82f96 |
| SHA1 | 512217538a8c69f5aa0e2087aa86f1197b411dfd |
| SHA256 | 397097f876b32c96a84f7fa6468e4066ba4e7e8e296a36e36324c7b0655ace87 |
| SHA512 | 25bd3d8a299cf9fb11823cc3e3da07a74d7a83b87f4bfe769b71b77b2df0f548e9a60ef94e1fafd182ba376fc9630f4aec2c50b5838d145bb428a1e072fcf647 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f444ce9c932022ccec6dc156a48ee94 |
| SHA1 | 0898978860f5784cdf54e6c6f00c010800daaae5 |
| SHA256 | feca80f15f7a1983a5e45654fda2de56fbbd5baf3025ef37fd8ffa210dcc844d |
| SHA512 | e1b85e791eaf7fad9e76ba086a1a578dc16a3f384b78b8da2f4283b29056a00f93d31ab92386258317e889659b265a6f966a55973322eed6a362714ebb1b4540 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f85fe606de607937f422e68bb49149a |
| SHA1 | 7aacb65718f661e90b4b46ec255e93f54338ca35 |
| SHA256 | 97c47bbaf11ed6fb2d80563615b5b3078d92befda4be6c4db03080b0b0719728 |
| SHA512 | 5c6a1b98bc57502510bbb7b4c6ee5e605a88e080504c92bd117524da7fcf0b58cce395525dfade0ff110c1a8374a5e22c1e3cb869605508f7df464e7f916822e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:42
Reported
2024-06-12 18:45
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1cc13048886426ba613cad47d71cd83_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6dc846f8,0x7fff6dc84708,0x7fff6dc84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3079456264729949656,2774209488508718176,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,3079456264729949656,2774209488508718176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,3079456264729949656,2774209488508718176,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3079456264729949656,2774209488508718176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3079456264729949656,2774209488508718176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3079456264729949656,2774209488508718176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3079456264729949656,2774209488508718176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3079456264729949656,2774209488508718176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3079456264729949656,2774209488508718176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3079456264729949656,2774209488508718176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3079456264729949656,2774209488508718176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3079456264729949656,2774209488508718176,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_868_CGCURGMDMKQIYBIX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8184c43cfe4f4e16d639363725a21067 |
| SHA1 | e2c2bd30b79e6c6985854a6370e34d9f3fb0d337 |
| SHA256 | 681bedc9b964d74e7357af90054d0ba6d5d4b0c74cdabf33bbda464f340446cf |
| SHA512 | 2d4951aebe4b71cef4a97ab8e6535eabeee2b55e5a64ccffcf9e6f227fac92fa72ab03cf3f445c57d17ac0f1176daf6d76943b532dea80bfde0038f6b96e42e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 167d4d64bd79b165852ee3daad848923 |
| SHA1 | 2245b6788981ae22424803472b4170f6d4d1f905 |
| SHA256 | 5cc448da665450dab0a3bf390a0bb7a2a3b0be788b803d581bad09e1fca8c1ca |
| SHA512 | 5b8068683388d8531bade17d9da24842f8476ba1beabc7e4189d3b5e6c052c48fab53abaa0fc95ebd395eabcb178c239c16267b4d1f4fd51c26e2254d7e0e4d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c0062700ea351224ac685414f507fa1c |
| SHA1 | 0d02159d0bba958297338c1905e488e69196c8e0 |
| SHA256 | 399657b68f0ffe8d20bfb8dff822c3d6882465fdacee42c64b03938b9995ec5f |
| SHA512 | 2f4b9e37ec90a80ebcb09e7360c203c2c35327c0d96a5d38aed5a7180f50ccf902ff50e45b0a9b02c08a29ee23c53b9047528b733002c171853fa00fd65049e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |