Analysis Overview
SHA256
2600b7a577bbc97b1c3138f2d456f169e5dbbcb59c7da8bb178df8ccad1a1c4e
Threat Level: No (potentially) malicious behavior was detected
The file a22cf3dacc36a3952a1b174ce90ca618_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 20:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 20:19
Reported
2024-06-12 20:22
Platform
win7-20240611-en
Max time kernel
136s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 007248f605bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{157FA7B1-28F9-11EF-A155-FAD28091DCF5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385444" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000d1911bc18542ba4e966a8a303d324310f9109efe17f3ac4130d353ca121aa4cb000000000e800000000200002000000070bcf832535c2d15c4dfd2f0c18ab857ef66d64c2f3a002dbe52a448b02a4dfc900000000a64018776273d69b102da87fb6fbe0da75a763aa73a9fef65c7bb098e470e44b3eed7b5d3df526a33af16152d4eab7583c16c19ccb4f2ee11bc0be3b70ef77d98b668df9903a024198652a8b3f5bc1038595851e2ac8399a7dd392974588878f110b81564a53d0835cb676176054e03504780820dad6295ea0956bc220b89fa8a0d1f8260ff1f769beebe9a7205a1444000000038d159704afc56f0ab90999bb6dd1dda3f764ba30ee137043eaa9d953cfd9bff850f4be36f0cf654eac8c41483f8444e81a717894872052a9feefc56c0327464 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b518022b364c33d664d4bf587889498d88c0dd76d9805759856475633ac7b163000000000e8000000002000020000000c9ad1dbf31423ef1a005b8900551f95360aa27b0a0c4ed1fd1671951afaabeba20000000aaa1d63d03c2d9b02bf4c7f559cfd0fc2922ad805c238d305601a35763fdc25240000000b1b60f9e8d7a5ab116e029ed41ce66d45991e68b8277bbd0619927d15b1b2f7b0de9fddbac1a244df4c50ba98ef80425597331d36f87e4e81802234d3832a121 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2316 wrote to memory of 2664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2316 wrote to memory of 2664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2316 wrote to memory of 2664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2316 wrote to memory of 2664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22cf3dacc36a3952a1b174ce90ca618_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2316 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | js.mobileoffers-a-download.com | udp |
| US | 8.8.8.8:53 | dlapk4all.com | udp |
| US | 8.8.8.8:53 | api.qrserver.com | udp |
| DE | 159.69.246.187:443 | api.qrserver.com | tcp |
| US | 172.67.149.93:443 | dlapk4all.com | tcp |
| DE | 159.69.246.187:443 | api.qrserver.com | tcp |
| US | 172.67.149.93:443 | dlapk4all.com | tcp |
| DE | 159.69.246.187:443 | api.qrserver.com | tcp |
| DE | 159.69.246.187:443 | api.qrserver.com | tcp |
| DE | 159.69.246.187:443 | api.qrserver.com | tcp |
| DE | 159.69.246.187:443 | api.qrserver.com | tcp |
| DE | 159.69.246.187:443 | api.qrserver.com | tcp |
| DE | 159.69.246.187:443 | api.qrserver.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\TarD54D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\CabD54B.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39a6756e1ce8cc16f8b99fb6ca22fcc6 |
| SHA1 | 19cfb4bacca423eb1a80492cc9f8e6a95346a5c7 |
| SHA256 | 8189faa1a2422ed80746f96d36bc0216cb3fb797b356b6b45769814c0b6b4485 |
| SHA512 | be369cb852fa35bdd00612b0917fe87f117046b874a422cfc26240f1a894bad27b6882c8932c0e94d904ff12d72cd4ee8b07044f199b207880ffb3957a516248 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4571b7eed6e748a1ff8c57225b80b604 |
| SHA1 | 06842580fcad24d071f5e2a0e6419114fb9e1118 |
| SHA256 | 6969c500b4cf243d2e22df86dd41baa663eb87069607a17302579ec15b045942 |
| SHA512 | b509cf7eb90d08ee2adb7f27a997f55f1b36936637b5e8a1d9d48fc59f53352ee92c6dc3f59f0cb33f60355f240d059719b3a1875046ab53e993b6b9bf4c0d1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 732494d74be4a61e2d9054d3ea2370d0 |
| SHA1 | 224e9cbe94a00b98c050215db1501e81bd104e95 |
| SHA256 | e3a32d09413ed302d28a38f9132e8714953291c7e608abfd08c9e2c382da0d5d |
| SHA512 | 03a0d3469752fb18199e9f7310d128f42820ad261cbb80450771ec4713975f03012fdd9636490563df1062194f86757c5d978ffb02b73bf972b974510c28909b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d976f928f2372ad17dc2ab498ff08c18 |
| SHA1 | c9022bd300a224bc88df806f7cba0194839fd762 |
| SHA256 | adcd97f429a6bb98559abfe5add38deea99da157f07e9fa13fe4b6bd4f8c31a8 |
| SHA512 | 0b543d8d13688b83fc6a5e520d52253c828bb7138b65de30d9e6fb12057a3f099af043dcae1a1ac66b604cce9798baaa9ffaf17069ec64d769e216b953f08e37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07abbb3ec9a473cf6bc25d46e8e4ee15 |
| SHA1 | f2df179aaf98b5d65fc4bfa3ed4a5fccc68770b7 |
| SHA256 | 6541ac2d02afd5a967860df88fe1054ae0c1b8441994a15b338869b1039be71f |
| SHA512 | 682647b7bd395e9d8a766aa298ad7a3bc416cdc6f90a2dd4a235c15baf3b53d02c01b68480d0baf586b8a8dc4e3e6dd7e1a381b0f76a9c29407ed6c919892629 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc90edfbce411736b76ea89e8ddd308b |
| SHA1 | 02eadad9fe52878d8ab98c4b74b4419d8a5eeecd |
| SHA256 | 94eb7f39a92a1a50b23fe7befe9fca6319e82bcf02496658340c50eacbc7cb22 |
| SHA512 | b7f3a1746d2f8472b6b4d917abe677fc736df66f83200a10fb9f459df22d46ca716365313bbc4e9f7ffbc6353676de99bcb5f2491107260045ff865f80952383 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d92228b05cd4fd693c0b7effd2a63af |
| SHA1 | c16a02887c3982e3a856bd4591e07c39d772b0dd |
| SHA256 | e878289c98b2dd12b4be8594c31f10f7b6b8ade5141632c9326158a36d57b41a |
| SHA512 | 70a1c38f9d79b96fcb4e1e22058e5b21a549be4da602fcd4b818019518c40d3e0b148c10d3c33d51d80af0e74652cf4a3f8f8cb22f52e2aebc5633f2379e0059 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54f1481ed301c9e6bc6b4dd052f887a1 |
| SHA1 | 21dbc29b480b6d32402f1ea74451a53d247a02ef |
| SHA256 | cd36a65a22fe9eb3cadb5106aa2d4a1bed58bab8600ffffebf255160e715360e |
| SHA512 | eeb1345fca57be9daab3099a24dbeeae8350ace9bc9101541f6948a9b6c4c092bf546b1a384f196f6f385183e7ec70360e77752fdaeb4787ceafbf3334a92206 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a57fef3cf53139cf760cdf2a7db7d934 |
| SHA1 | 50a9f594d616d54c19ec1663ff6a62d418d0b744 |
| SHA256 | 0dd57e7ea0ced8f70ff83bf0912ceb00644cc46e717a29f965d2739f626bb5d8 |
| SHA512 | ecdf5f02466a142d3153847a157261288968335d3380802e367e47916006244723abae6265f48d8d299f925675b9597d8b6f314485f000c8c063d1c9097c6c86 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9127d20f21e56bf8cad6e37ccf420d92 |
| SHA1 | cd1c89b65fd3bde91c1dad07a7ee7ab24514be1a |
| SHA256 | 3aa37d1201b950f505c9f80317807c51d4d29a60f7a708315d9ce0081b75f486 |
| SHA512 | 9ed2474c6584288c79462d7e648cda5a641a38bef3749fda0bf8997658901dff54cf729938d05f238b5c2609c2b13da35fb64f5258690df6b48675cf8c43763d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3cc9321ad0a89d8f9a74f86c0973bdd2 |
| SHA1 | 9012726a43468b2e62fa28cc328d0e797d078bbe |
| SHA256 | 2830ea027a8c439463e14b45e060ef083e7c1ddcdf064186f1f2694bf7114fbc |
| SHA512 | 1adbe3adcadb8cbf8075cc2dcff11c41236e750562cce972efc6a15953789f7dfe0511171249ada7cc5a52fb2099e63232d7a1ad809c311285ecedbca5929ff6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6215f23354189bc81321af62b1b7bf9c |
| SHA1 | 3afdda188f9158d25ec8b770ac92743af9d8d1f4 |
| SHA256 | d58e93bfb012a867d26c0a28745c4feb86dd5032cd62981e6fa5d7fb8682e6e1 |
| SHA512 | a9e625afc70acd9d860890608a7d7b47edbff71e605e5a8f4cb26f37232eba51ca1f3d07d004c370008dc13b3f7f0abfa8f18fe304f0a5d19e85488a74418efb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 884cd495bcd2b7c2f0c7ba30dfa86fd2 |
| SHA1 | e1f6a9c30c3d75c199997febb7f0742a520c83cf |
| SHA256 | 75173e215252061c1caca831e6734df8fd59656a979c082daf78995e6ff4edc8 |
| SHA512 | 4b468fe8102bbf01f06e0a05a4638c3fd5eb5eb8c6fea13f757a48529168be0ef0d7877e150257aac41716a5fd2628a804376d5239a426f26b58831553fb3144 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a40fc9cac9edc8b73969688bdba8a944 |
| SHA1 | 02018d8c09e19729bf142d66a160b733274c2346 |
| SHA256 | bdfc05153107c08ac60586d17d356852276b154f5751af15022e5a3b1ebcf22a |
| SHA512 | 1f2d00ea1f5a62b84ad3d85bbc0873f003af8266fd1c1d56d196a4ee4c36d16b4a3d460f9e8d9a37df7bbb0b608b27471fd7a23354e8c51d11f5da30697c0235 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d36a791693c7a34346a655c84845f40b |
| SHA1 | 922f6934b882aaa1774f06bc42b824cc6d98b644 |
| SHA256 | be3e36e43e6dad604eb7ad3628dee4f361c17faa0fd2b2610e8fd80b98858923 |
| SHA512 | 8ccccd781d8bfdc79d218069720fb9443bb631a955dd21eb9d0082339a15edb448446c09d6d83cc20a3128112a5ea72c9c6bc87ebbcfd9a6c5f52a8e9fb06696 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c252b8f96bb9c7722c865a5529b1364f |
| SHA1 | 257bfce1b006ef1f19679fd580d2da06b7f856bd |
| SHA256 | e4feee6b525d648289af95c2ea1789b78ddf9974507e3619f7231d77607fcf14 |
| SHA512 | bee5dda07e64b1daf0cd48b270d479bcf89fdca96da2f8319ed73bec54ce8dd253e0710099877698ee875529be21412f2f88a67cc888572b155fd3b1112de816 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0b48e3bc200cd71242b254711b003a9 |
| SHA1 | 5f3c581fbeb50ef4087847414c2233775771bb8e |
| SHA256 | 9116f96ae13267d0381f8b4c0027276f9e7c370bd21de608887ab5362fdf949f |
| SHA512 | 702c88b14e0856349c37ca0a57fbf1c73305c3952b6c745f88c8670dbe3d84debd27a7f8e10395040235a16ef291817d823f2edcec07243f41bc4f1b3c6a3c8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec75c3d5e2e6de0fdd20045563ec9118 |
| SHA1 | 16e428955068312580212dfeb04aeb476227576d |
| SHA256 | 31b3a4014db659349bb06d7b6510b65df69ef23e3b60c166a4346ea18a2d7ae6 |
| SHA512 | 34028cc18c7d6fe691eb29accbac2ca912ed7ea57a18be037b5c4c6f6bdbc51d0ffc5d038386bcda4f6054a559b662a808534424c96765e7817cb0c73a9ab11f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b950c2a193a1741c7c61c44117a48283 |
| SHA1 | 7e402128281468bf18be3d32c0dc5c8747cff1dc |
| SHA256 | 1cd6428cc84ed36017195c5c35302fad3f31adbfc2fdc44dd8f4627725baca5e |
| SHA512 | 41e55cc443c1a507cbde8c6b9002e089aef97cedba6dc9b2ca36f3fb9118d7809da7275fb82efd04de8699ac3449a1292b18633a1491a4c2e3becbf2767ae1d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a251dc510a606f3675a3364916f34c64 |
| SHA1 | 7914869334e4e63ab3eb1d94bf2cf5769f22d2b1 |
| SHA256 | d866e39e0ec4827ad90aee02269c70ec1ac3e779acc55f01fa93b98397afc480 |
| SHA512 | 15ddc6a24cd7ed5558f549bf6e83b175ecdfbe287011fdd654cabc614ec80a3f5396a057c00506a045d0dfcd2170727f5f6a905330c8f5c4169549012a27fb83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9f67d8021ca24aef01c1fc37d8cae43 |
| SHA1 | 4c74267599fe2a8b72e098524db95918926b05f6 |
| SHA256 | 42720b5efc8c4ff1e2095d632e4811bd76a169a33fe62c280fd31c07838cb3c7 |
| SHA512 | 7a518747f5ccaba9d19c77a644aa1d72bf86778ca7ca69a7cac189430c80d577c09f3370046012667cf2f5064849f168269a2aafd1a7dafbdd6f0d38016f06ea |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 20:19
Reported
2024-06-12 20:22
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a22cf3dacc36a3952a1b174ce90ca618_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa82ad46f8,0x7ffa82ad4708,0x7ffa82ad4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,3684624258233133988,17840430553664295324,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,3684624258233133988,17840430553664295324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,3684624258233133988,17840430553664295324,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3684624258233133988,17840430553664295324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3684624258233133988,17840430553664295324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,3684624258233133988,17840430553664295324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,3684624258233133988,17840430553664295324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3684624258233133988,17840430553664295324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3684624258233133988,17840430553664295324,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3684624258233133988,17840430553664295324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3684624258233133988,17840430553664295324,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,3684624258233133988,17840430553664295324,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.qrserver.com | udp |
| US | 8.8.8.8:53 | js.mobileoffers-a-download.com | udp |
| US | 8.8.8.8:53 | dlapk4all.com | udp |
| US | 8.8.8.8:53 | padsabz.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | dostophog.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_4696_SRBPKFWDIQGXZOSY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a8ffeebac95f10d71d5ecd69f10ced02 |
| SHA1 | c8e62d86baf2599de738bdc0ea3340731e214c4d |
| SHA256 | d7280d4456b987ae954e8021e99b02220a45e117b85ddd0fb89b2c1709bed9c8 |
| SHA512 | c538f7147156246e76f29548092ad47aa2cd4d67eea1eedcbd5a62d8c8ab564b7e64bfce4a52bf76039d0936422822bc315ac4ea434021ff2b78ae3fe9ed7b0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 16bb38755e2021cbc9c34568d48c492e |
| SHA1 | 2c3d1646a3f44ddd7bd2bf0b1df189f1496ef725 |
| SHA256 | a7f1ecaef412b2888d44b3e438fc8a8d5dff3dcd457515cba1447d8a1d02b30b |
| SHA512 | 4575cf3c8ac1b1013f76b7cca5264ea10fc66b5e2dd7bf7af37181a4c1bb8a15dbe3e8ca8a13345bbe557f4bd9dc408576377591217c2aa21b29743eadc490ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |