Analysis Overview
SHA256
8d5e642b8f29e50ea7dda2fba8fe4aa680725f32155e55d61c2f5e2477316d29
Threat Level: No (potentially) malicious behavior was detected
The file a22d3bd730d022b0f10c58d5f8968b05_JaffaCakes118 was analyzed; no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 20:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 20:19
Reported
2024-06-12 20:22
Platform
win7-20240611-en
Max time kernel
140s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1FA0D341-28F9-11EF-B477-E6415F422194} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 700f311906bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385459" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000454077409e47af9bf22ed11972aa167cac8aa1ff1aba3040c0893bc65fa55870000000000e8000000002000020000000b8ab7b89dc4b929844d4846cf68c32b60e9fbcc9b69ca46b29e3e8a82a4f104b2000000024a725c08ccd81040d6ae2dd777dba621716cf284d5f5fe720cdd77d45013de440000000a4f4df641feca35372312bf8ab97e06cf88e631b8bb5a54b61434f79777ad7622e627bfab20522b40d61f1c9b88aa730853063a42b54cd54ab659e6dcac0ee39 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000e796e0b3e5ea944da03fe762835193a6d55d191c4479eb5ffd1c9d2b3dddeca1000000000e80000000020000200000002c261c51071f1b642950636f911ac9c9a57bc76a2506ec6dc6bbbdc1120349fb9000000042e11681796e154c4e2fd7ae103252626613499a779f412f99b8386d14aecf930fb8ac55632087e8148f13dbf8c20410f13edee293aa17e0bbc9053502f723ca7eefba9a9362ea082df7786b37534589e84fcc61b7d6230f88914cda6b1c6500405cdbc67888bd99d334ec7df9bd6c5588f1732d364e2da3f3d78cf8e6a6cd33cdc0b6acdc6bae21e19082f4221ea6b2400000004e5f0c1a050c37fad8985c750be310119cb83f7598726f81d328111207d08cada3a0c60cf05db30ac0a628d6c836029e941ed2bfd8a73297e067ef5db46c5757 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1244 wrote to memory of 2352 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1244 wrote to memory of 2352 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1244 wrote to memory of 2352 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1244 wrote to memory of 2352 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22d3bd730d022b0f10c58d5f8968b05_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.ford-klub.eu | udp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| US | 8.8.8.8:53 | 1977966.sites.myregisteredsite.com | udp |
| US | 209.237.151.16:80 | 1977966.sites.myregisteredsite.com | tcp |
| US | 209.237.151.16:80 | 1977966.sites.myregisteredsite.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabD88.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a46c3fff8c337d4bfcdc0a0415a8103 |
| SHA1 | 1246496d8aedfe4d3fff519fd17ac7932fb90902 |
| SHA256 | ac938d91d3a7a737a761c0316fc6c8964d152363078240cd7cd54b506e487f0e |
| SHA512 | 3bbb07bbc7746b7483cc14b50908da8f808dc3ea0c57a27aee6c393cf2e7425653c8b42150a79243d511dd638e086645d6b3c780d24af2086fb8184d80359167 |
C:\Users\Admin\AppData\Local\Temp\TarE4C.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae056e0627235221eb2814a3a0dfe5f6 |
| SHA1 | 4f2c512f265ecaf9660344c79a92afabf3d03cbc |
| SHA256 | e685980db8ed1525c6b7b059940c08829889bdc6ad80a48549d960ea0fddfe8b |
| SHA512 | 4e1dd4f7028b8f9fbf02ddac91d00a4f9760c17ed0b19aeebb5ea67189f500c6a429d57164fc9c3d3b2aeafb76f5cc907a03611af1a980ec7b6e1e47c04b42e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d4ce09f225c51c613966371ac12c11d |
| SHA1 | ba363b9e792e622314ff30dc1d26e853c83508cd |
| SHA256 | 912bc92f9f80a626b98eaa51124e197b2468c646558b2a057cc1c09e906497aa |
| SHA512 | 47584fcd9007a3388891f32307f6b16b77b0186f0e7608d1cb12e2366107d0abaa298b2f6189880c30f0021623098b642a31e6efc65cc7d045a3ffc4033efeec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fc22ee8dda8be30ba0af20c1d2e756d |
| SHA1 | a619d10e009746db0f6ac54030b649fe20ab765a |
| SHA256 | beae6c31d2fd86b57d587962138b2b192fd37cf1f3695ce643ce6b9f7ab4cb4f |
| SHA512 | 6f88f1b52fccd390bd607b9ced0c65c228bb851c18afa2bca3670db439828b502f67631d52664669934e2a07ff8a9ebefb79ea9030e46cf0e1a03ed1c4cc41bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7b311bfb0ccf3a16c3fedda7c4a285c |
| SHA1 | 45782b9cad216e1b67842250e39aa04ddc98da80 |
| SHA256 | 473f3ef3b580fe6e98aabc99485c93571de4f4484003df19a3bfe049d3d0713f |
| SHA512 | 549a65e0c52ae30b3944f9d595f9b850f82da87b472ea9792b08c9fffc138dbe09efc5c63528ff760d03a91e0d5745cebeeb3f3af6b1d500cb1a1c9f7c205173 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 823633f7033ea984cbcd823fdbc934b2 |
| SHA1 | 0b4a594d2df2f6aafda6f5415e78e64267b3d86d |
| SHA256 | 0c77a926ff9405badb2f72e3d2116c74b41b0db43af744c9b61a89a8499fbf50 |
| SHA512 | 72ab1690ffac5de6bc2f38c92e62f27e33f68b738480af436e5b737596112720592e00bf3bb874bf620ac76e08aa5158e6b4bf35faee11bf00049a6fabceac7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4575fd2ac42e7ba5af945782b8a98736 |
| SHA1 | 10828b7eff7b1c61d3e59c9ca928a6e12a776939 |
| SHA256 | 820d2d7a9bbdbff8d5ae7a15c30c03ffaf9f60814ff4cf526e8a8df4d76b43bd |
| SHA512 | fb2ec4464ce3ba284ebbb5501c1a4a818b62a38172cfcd2009b07f4c80d78c4c97b07a28f46e3d03292a6dad36f06dfb9d1a7a2b1f669c6f6012f52c6b4c4a90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a08cf284b0f1779f5d875cecb06d3669 |
| SHA1 | bb4594b28e4a252a5e3caa32150cb8998750bc82 |
| SHA256 | 6fb6888bdb8d9b2b7438d4c013e105c67b663fb7d644efdf781551bc5ccc80fa |
| SHA512 | 037ca1c24c12adac3e98c49e9a6fb1f013377072fb886d2863f98c7ae5baebe6f9d8b49a0ab8654850af5e2193b7bb4aeb0387a32ece2d836b00ddfa1bc2376b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e32af4af9be19facef369772dbcd994 |
| SHA1 | baab760097ccac9c9557283d9c37a80cd7bc7da0 |
| SHA256 | b9494aaeeecd783bd0bcb445d3df245bf0672023acbd5ffe05f7f42d6056df0f |
| SHA512 | f4e9284db62fde029d89d82d934e55664722782718d3f1c086efd6c04b7b0456be322ffe74fb3a5a72ad7150e22295adb82740aad7175a7341b16928d68318f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9249289d88f09c0b4a2a3119c2ed295 |
| SHA1 | 7da1eb2b26030295c5cca7ae3dd5b21bcd8bb5d8 |
| SHA256 | f1d0dfd7e5227482aedc188a8a92db7c37b8cbd9bed1fb326355d73cfb7c50f5 |
| SHA512 | f249faa1b728748a86e14c4992221f96601e1825b040b13619ed42631bdae2c73e90298c0b58726ad4a1c921d044e3ebd4702913b1c7fd429a2a19b679f7f500 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d0fca8f0043726ff03a3fde54979f4f |
| SHA1 | 6924d12f4cb8124005febeac39dcd6df1e99024a |
| SHA256 | 5bdfe17a96255fd7f0635a93e6592c2e8f58f16f3e5758db5ab4664593e32234 |
| SHA512 | c88cd7a7aa9d1fc83c44d3826075c11267c8d7c719d4c76fd0994b3c3e9b103a402abdbc70db5b2b0ed2b76fc6428767ea52a5190ec51590429b467c7e0c76b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f1dcb2ba23bcb509f0e94191ce66795 |
| SHA1 | 5a83f9c5a1a531649655c45ddfdfdeafb2c34ef4 |
| SHA256 | 3f9417dd243ae4a7752e29c452596e134fdf914323d68c0ca29843b2f5985d21 |
| SHA512 | 6ba658dd182cf8b02382f2991e190431102f35e22c049095a227f32518af6a827197abc8d40948ac7c16f8d7efb48e6fbe4d08b6683ace97d835eaaf54625d1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7079843982a4b1fc10e46293437da99c |
| SHA1 | 03d6ecdad9b502e81df0bdfcd41bf1cbf6767d75 |
| SHA256 | bb451f1ad77e9b9ad3b75da26186051c5ad7d2d7b324e73bdaa886a468b5dcea |
| SHA512 | 0d63bad68d0280716e12c660df17565ed0de394b282d9feaadeb5e224988b344aca7c7aef3066a9c95fd46fd485eca0b5251b64026d7363f00704e5fcd17da9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3a5c57f6580de8708e229db64a66c58 |
| SHA1 | 87d7572e3fa5faeb34efae3eca205c3132516055 |
| SHA256 | d4e9bd9ae6679f614699b2e7f5ba4f6778bf7248d8d6f99100944057c1d2ff89 |
| SHA512 | 80c2ca83c6695e46d5cdc3dd9c71f07686c59f7dbb87bc979de4f2ffc95157e501747448e1633fcec0810c5318532526755503e03d53252bafe45cd4eb999104 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 468c41da4361f878a3df8e13e9859a45 |
| SHA1 | 6f66a427aa9c62b1baf553914304954d340c5272 |
| SHA256 | 5372f682095c2867a4820b2e30f841ee58a6ff318e80f6d6be980c63e16b2609 |
| SHA512 | 71e1fb220ab36282921ca46fe7d3845c410417a85c8aea1543f7854c8bde66de4dd17e5a3ef64517c6504fe5c129e91803f3b89c826ea3ddde9437173fa8a3fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ae60169994c2eaf4cdbbe679d301dac |
| SHA1 | 42501df17ace5042e20218f6ddb83fe5249ba48e |
| SHA256 | 355e0283246302dcac2a956d9a5f554761ed24910a5c539978d892e3bbe5b049 |
| SHA512 | 62265a36061343f7fcc0aea649f26aa2e9da89a15be4b0314251491f5fbab57613cb41df65e630a7534b35bcb3c32b72def485645f4ca6e07e3466c7e5e134cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2fef2d8b57fb71d42e87e431d5fe3d41 |
| SHA1 | 2980d28c05f8f7bc44f51e63d4cdeb04095d8c67 |
| SHA256 | 405a21aa3c79ca1bb14cd845b77c41bae21da8330ae735a01eac23baf8256d3a |
| SHA512 | c8bea46f59e3cca2d5aff24aef8b6049567a52586eff87085874119d86e5a43054e689fa7b4f40030623d0247ee230b21ea7a3841ed8d299b9a8a946755eb2cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8d8c64862893d16bf1b02164acf0dc4 |
| SHA1 | 8ee199d381c901d4952dc1a1237f838dbf9365df |
| SHA256 | f54b0504d53f467ecb4aa8d5450719abea956cae0ccfdb5fc55ed7d2fdaaface |
| SHA512 | 0e34b1f296e0410c5ba51a196db20b6a7a0ae80f9472478d0a96a98bd8f668911eefb4d680b4bdea7b9b2283ec17c64d23419d828c66def84e7b504f701cf89a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b29a969f92b51dc86cda8db2a38b221e |
| SHA1 | 4e00e458c03193c0f821d7fe5256b56289d01e2f |
| SHA256 | 56943c3c3897f156ba84238761b3187def6b425a9e0e03dad72d5f9e59c779f1 |
| SHA512 | 31d05164a26e7a2cde9519b478ec837c05b8feb898f65d294a6ccde90f751aea8d29c2e0ca13668194785c5e65f756b598cbb15a217e01ed8816c5dd32b276ab |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 20:19
Reported
2024-06-12 20:22
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a22d3bd730d022b0f10c58d5f8968b05_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6da846f8,0x7ffa6da84708,0x7ffa6da84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,7054869371374974300,3625661838554933680,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,7054869371374974300,3625661838554933680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,7054869371374974300,3625661838554933680,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7054869371374974300,3625661838554933680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7054869371374974300,3625661838554933680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,7054869371374974300,3625661838554933680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,7054869371374974300,3625661838554933680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7054869371374974300,3625661838554933680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7054869371374974300,3625661838554933680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7054869371374974300,3625661838554933680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7054869371374974300,3625661838554933680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,7054869371374974300,3625661838554933680,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.ford-klub.eu | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.ford-klub.eu | udp |
| US | 8.8.8.8:53 | www.ford-klub.eu | udp |
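Both Network tables mix traffic caused by the HTML file with traffic the sandbox and the browser produce on their own: the 8.8.8.8:53 rows are the sandbox resolver answering the page's lookups, 224.0.0.251:5353 is mDNS, and ieonline.microsoft.com is contacted by Internet Explorer itself. The script below is an added example, not part of the report: it takes the rows of both runs as constructed input, strips that baseline, and reports per domain how many lookups and TCP connections were seen and to which endpoints. It also surfaces the difference between the runs: under IE the page reached www.ford-klub.eu (88.208.121.70:80) and 1977966.sites.myregisteredsite.com (209.237.151.16:80), while under Edge www.ford-klub.eu was resolved three times and never connected to within the capture. Treating ieonline.microsoft.com as baseline is an assumption made here.

```python
from collections import defaultdict

# Constructed from the two Network tables on this page; rows are
# (country, destination, domain, proto) and repeats are kept on purpose.
NETWORK = {
    "behavioral1": (
        [("US", "8.8.8.8:53", "www.ford-klub.eu", "udp")]
        + [("CZ", "88.208.121.70:80", "www.ford-klub.eu", "tcp")] * 6
        + [("US", "8.8.8.8:53", "1977966.sites.myregisteredsite.com", "udp")]
        + [("US", "209.237.151.16:80", "1977966.sites.myregisteredsite.com", "tcp")] * 2
        + [("US", "204.79.197.200:443", "ieonline.microsoft.com", "tcp")] * 3
    ),
    "behavioral2": [
        ("US", "8.8.8.8:53", "www.ford-klub.eu", "udp"),
        ("N/A", "224.0.0.251:5353", "N/A", "udp"),
        ("US", "8.8.8.8:53", "www.ford-klub.eu", "udp"),
        ("US", "8.8.8.8:53", "www.ford-klub.eu", "udp"),
    ],
}

# Baseline traffic present without the sample (assumed for this sandbox).
RESOLVER = "8.8.8.8:53"
NOISE_DESTS = {"224.0.0.251:5353"}
NOISE_DOMAINS = {"ieonline.microsoft.com"}


def triage(rows):
    """Per sample-related domain: DNS lookups, TCP connections, endpoints hit."""
    per_domain = defaultdict(lambda: {"dns": 0, "tcp": 0, "endpoints": set()})
    for _country, dest, domain, proto in rows:
        if dest in NOISE_DESTS or domain in NOISE_DOMAINS:
            continue
        if dest == RESOLVER and proto == "udp":
            # A resolver row is a lookup for the listed domain, not a contact.
            if domain != "N/A":
                per_domain[domain]["dns"] += 1
            continue
        per_domain[domain]["tcp"] += 1
        per_domain[domain]["endpoints"].add(dest)
    return {d: dict(v) for d, v in per_domain.items()}


def lookups_without_connection(rows):
    """Domains resolved but never connected to in this run: either the host
    was unreachable or the capture window ended before the connection."""
    return sorted(d for d, v in triage(rows).items() if v["dns"] and not v["tcp"])


def iocs(rows):
    """Sample-driven domains and IP:port endpoints, baseline removed."""
    t = triage(rows)
    return {
        "domains": sorted(t),
        "endpoints": sorted(e for v in t.values() for e in v["endpoints"]),
    }


if __name__ == "__main__":
    for run, rows in NETWORK.items():
        print(run, iocs(rows), "dns-only:", lookups_without_connection(rows))
```

A domain that is only ever looked up is not evidence of a contact; before putting an endpoint on a blocklist, use the run in which the TCP connection was actually observed.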
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
\??\pipe\LOCAL\crashpad_3368_IFFQNDAKWUXGOSNI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e8e3ac90ce8176b916912bf3b41cee91 |
| SHA1 | 83be2808f4335099a14008459db158223c7a2a16 |
| SHA256 | f2dfa08de1573bf1efec6154eaad72aa656fd2e14997fab34e103871f638b65f |
| SHA512 | 8c7bee400b4b3a51d41000d2f111606e311f5467cbb4fa82cddc64fc4171651d94093884e735292c6b0e367c67997137db8b976d47cdcfde72a683829ea79adc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e0aecd5f5fc7565ecba4ea462b15d138 |
| SHA1 | 44d2daaf497eaeeaf32e9c07f79ae648b22735e4 |
| SHA256 | 36cd495fbad074b4b0347c354e0d8e0f958ef31fa918fc8ef9aed7d89b41bd04 |
| SHA512 | 9e07cecb5ff625dacad2036483c14628e94bd5cf285c3f1e7aeec34e86e60a7485adfeff9babde6f995f7480aa7ed13804d7b470624da40f520aceb8db9d97c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | daab6675500b33fc885fdde62ed265d6 |
| SHA1 | 5bca2223a0b0e906fe7cdad0704c604a10a7bbf7 |
| SHA256 | d0b420cca9832871dd0b2d3fe2f155baf47c3bf89e38437a8727a590a01efadb |
| SHA512 | 12376aa34ab53ebd963b5012c295674d8b9f9072c33fdefc45c4ce8aee18d65f5a72f4aa1d0d6c3d68010c077fa0890cd9afff4b32806b274243bd1d4be38331 |
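Neither run dropped a file the sample itself created: the IE run rewrote one CryptnetUrlCache MetaData entry nineteen times and unpacked two temporary Cab/Tar files, and the Edge run touched only its own profile, Crashpad state and a Crashpad named pipe whose hashes are those of zero bytes (MD5 d41d8cd9..., SHA256 e3b0c442...). The script below is an added example, not part of the report: it classifies the file rows of both runs by path and by the empty-content hash, counts how often one path was rewritten with a different hash, and leaves anything that matches no rule for manual review. Only three of the nineteen CryptnetUrlCache rows are embedded as constructed input; the labels for the Cab/Tar temp files are an assumption about where IE's own download handling writes, not a statement about their contents.

```python
import hashlib
import re
from collections import Counter, defaultdict

EMPTY_MD5 = hashlib.md5(b"").hexdigest()        # d41d8cd98f00b204e9800998ecf8427e
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # e3b0c44298fc1c14...b855

META = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015"
SETTINGS = r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat"

# Constructed from the Files sections of both runs: (path, md5, sha256).
FILES = [
    (r"C:\Users\Admin\AppData\Local\Temp\CabD88.tmp", "2d3dcf90f6c99f47e7593ea250c9e749",
     "8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4"),
    (r"C:\Users\Admin\AppData\Local\Temp\TarE4C.tmp", "7186ad693b8ad9444401bd9bcd2217c2",
     "9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed"),
    (META, "2a46c3fff8c337d4bfcdc0a0415a8103",
     "ac938d91d3a7a737a761c0316fc6c8964d152363078240cd7cd54b506e487f0e"),
    (META, "ae056e0627235221eb2814a3a0dfe5f6",
     "e685980db8ed1525c6b7b059940c08829889bdc6ad80a48549d960ea0fddfe8b"),
    (META, "9d4ce09f225c51c613966371ac12c11d",
     "912bc92f9f80a626b98eaa51124e197b2468c646558b2a057cc1c09e906497aa"),
    (SETTINGS, "87f7abeb82600e1e640b843ad50fe0a1",
     "b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262"),
    (SETTINGS, "f61fa5143fe872d1d8f1e9f8dc6544f9",
     "284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64"),
    (r"\??\pipe\LOCAL\crashpad_3368_IFFQNDAKWUXGOSNI", "d41d8cd98f00b204e9800998ecf8427e",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
     "e8e3ac90ce8176b916912bf3b41cee91",
     "f2dfa08de1573bf1efec6154eaad72aa656fd2e14997fab34e103871f638b65f"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State",
     "e0aecd5f5fc7565ecba4ea462b15d138",
     "36cd495fbad074b4b0347c354e0d8e0f958ef31fa918fc8ef9aed7d89b41bd04"),
]

# Path rules for files the browsers write on their own; order is precedence.
RULES = [
    ("cryptnet-url-cache", re.compile(r"\\CryptnetUrlCache\\", re.I)),
    ("temp-cab-extract", re.compile(r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]+\.tmp$", re.I)),
    ("edge-profile", re.compile(r"\\Microsoft\\Edge\\User Data\\", re.I)),
    ("crashpad-pipe", re.compile(r"^\\\?\?\\pipe\\LOCAL\\crashpad_", re.I)),
]


def classify(path, md5, sha256):
    """Empty content first (nothing to analyse), then path rules, else 'review'."""
    if md5 == EMPTY_MD5 or sha256 == EMPTY_SHA256:
        return "empty-content"
    for label, pattern in RULES:
        if pattern.search(path):
            return label
    return "review"


def summarize(files):
    return Counter(classify(*entry) for entry in files)


def rewrites(files):
    """Paths written more than once with distinct content, with the distinct count."""
    seen = defaultdict(set)
    for path, _md5, sha256 in files:
        seen[path].add(sha256)
    return {path: len(hashes) for path, hashes in seen.items() if len(hashes) > 1}


def needs_review(files):
    return sorted({path for path, md5, sha256 in files if classify(path, md5, sha256) == "review"})


if __name__ == "__main__":
    print(dict(summarize(FILES)))
    print(rewrites(FILES))
    print(needs_review(FILES))
```

A path label says only that the browser writes there by itself; it does not vouch for the contents. The rewrite count is the more useful signal here, since the page triggered nineteen updates of one certificate-cache entry, which is worth comparing against a detonation of a blank HTML file on the same image.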