Analysis Overview
SHA256
e4e1cb11821bc30abc09de6b34e10477555ed6d1578215b6b99bea019709e42d
Threat Level: No (potentially) malicious behavior was detected
The file a22d7decc81eaab51746b39e7752cff4_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 20:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 20:20
Reported
2024-06-12 20:22
Platform
win7-20240611-en
Max time kernel
145s
Max time network
151s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385494" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000047ba048956f3b866a103a9f85838fc0d8af995b0f0557b9306e5d3e767b825f9000000000e8000000002000020000000d903ebeaed075b7b91db78ef5fe03235eb5dc622616f453155339f05f8f165d820000000991a60313499bac708dac48005a6a16e9100a236183bb39cf0eb9abf8b9b2de5400000006eec957c112183088dd190833d84ecf2a387376f1b3ad2371eeaf5d505d9e709fe48345f127a8a80041f1fb3a5d6363976ec378e13c70ce7efca68c247848e8a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20443e0906bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{32D92CA1-28F9-11EF-AAC6-46C1B5BE3FA8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000c9eeffd24dd5d3e97df8d3a3904951011c83b2612501cd155eb2a552e16aa6aa000000000e8000000002000020000000821224d1b4e0d6e32d18f277a0ba0f891948fd80433f05ded71b564f2fa4976b90000000b9fe6240341b90d49e2a45a674f4c8cc05c74d19160033dc9c4e233dec29cf98a1e25fd452caca43a3e160193c25cb2e179c06ec4257e2a7f4aedb59689e60c82fb820d30c3d14c11df65c362332c11120cd204aa60124dfeb4aabf5d3ed2610d47a8f688a85e50e2479bec237820a4934101a68e8d80639149c49fa7940d16430b16e0bacf33076d762d59068e3e6c840000000c32b9cc06eff0597d28a37cff5eb29c79607090922cde198ca575cba98f92dc58ff5c4cfc3e7a580c4ba44b7f8a7786535eed5754cc69f99ad4e1a7ad5cee54a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3016 wrote to memory of 2352 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3016 wrote to memory of 2352 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3016 wrote to memory of 2352 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3016 wrote to memory of 2352 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22d7decc81eaab51746b39e7752cff4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | shop14.512designs.com | udp |
| US | 8.8.8.8:53 | www.fuchs-heizung.de | udp |
| DE | 193.141.3.71:80 | www.fuchs-heizung.de | tcp |
| DE | 193.141.3.71:80 | www.fuchs-heizung.de | tcp |
| US | 8.8.8.8:53 | superheroinelinks.com | udp |
| LT | 93.115.28.104:80 | superheroinelinks.com | tcp |
| LT | 93.115.28.104:80 | superheroinelinks.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab845D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar859B.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ccbe74fccae119e5959923196e23e06 |
| SHA1 | de96dd0da25173faacee1e8a5746d64251e591b3 |
| SHA256 | 4910005d5cbd36d4310cccfd5088c263f8b12109cc0ca48127b94093323420c2 |
| SHA512 | bf10f39ff364b96980e25f5168320f7d2e8ba121cf9d533a4a56c2c339854540e934cf52a2e9aacbff388898413a83decc9cccc080391055fd1125def845e283 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f0b3c30ec0311dfd60025dcd50770a3 |
| SHA1 | 320059800ca72c56d152c3183850290c2c114550 |
| SHA256 | f33c335d2dcd6af14940f39faa3e8264541f9236283e15d5243a85530354d5e2 |
| SHA512 | e45f95b001c37310fde61dedb3ba0554f25579622d48f341948b96cc78c82fa5701c7953aaf6e2917f4aa6de8aebdf298a5f75c9844e8adef2ae4f532c15b16b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d07b737344e1ca13edf02af897713c5a |
| SHA1 | 37253767ba680663c99a0202a606ac21ef199644 |
| SHA256 | dc469fa4dac88e9eefa4f884587e826a0586146e36e782d9c47479e35fca3973 |
| SHA512 | 18fb1d53f9243cf908709a09db2e0fa5b718ff0ab4cfb113b7ac22ee436622fa3d2d6f1f996521d0a7537b2cad543e0b5a5c29371af55f99ec8220188f367bb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eefe8479a8b4f75d9cda09bc91ce76e3 |
| SHA1 | 7e2817e03cf3750aaf6328a65b8eeebd4d40d85c |
| SHA256 | 0a15e55e01c14d7c4a3d57b75bf6c71ef9839631461797342330da59c87c4721 |
| SHA512 | 859bbfdc54a77b53497a032e6a157bc5de37fd325e3dbc107e42a2eec2c06ac5406ea0e606ffafa3ef0b9fcee5b5249a0f9a6ef58969d61710f9d24394ab8475 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9976844a3ba1d47edb7e94d83c71dae |
| SHA1 | bec654195307e8ff44e129ee7f0b90420a8a7d8b |
| SHA256 | 733c1c9fb0ea656cd640f3ef9449c7e0f802e2bb80d3d743751586ac3fefe37f |
| SHA512 | 506c09384daaa94644c8d16743910990b8443ec3efa559394558996d50d70cdf9ea5b8572a08947a5a4e770df1018d77731cccae04c0a4fdbc9f5a0576201b60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e10e1b43449d62e9da680bb4309e6084 |
| SHA1 | b9e9b8b46c4c77468bdb5d6e6ef874a0444e7f3b |
| SHA256 | 9af3ecdadad7aee44562bd4288702e2fe4d9f1c602289f0782277725de80e673 |
| SHA512 | 86d64aa557853ad9bdc4030eecde343d816de079f9ff03e2467b45d874c3c9e815d3fa3e79323c21bfc13bff2e0ea96c8756f2d57e333df560928067b169b195 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a2413a92881193e27e6e4613df1a853 |
| SHA1 | 2f26973908e642011621d8182ff294f6aab95d87 |
| SHA256 | 7d7f0ad2973bc35a56185f376db619d70c138c2bc242c00015125b8f4d0a2430 |
| SHA512 | 3b1b37d41257c10b3f5756e4131108ab44727299cd25ce48968cf5855461fdfbed17ab05a0372e8c3c7c3ed86627054888342ff8ff131ab9315465c94340f6e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9a98157b96a2799792cf102df75e972 |
| SHA1 | b702cd52f4c9f406c01ee9165df3467a469d2b6a |
| SHA256 | 8cbf70a9442da0b4f4bc06b40bacb615c87a0626aed11896b256b8e49651be95 |
| SHA512 | a9e09b0e9d3b7cf87c39b5acafe2b2fab5270b6485b46ab2594b76a8f8f38d295d58c538843516e5808718af7328d51f1875cde1baa6187514274c67a2f52336 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 854e2352a907abc53b85290fb11473bf |
| SHA1 | f835c6842e935021655e98158c989a5710371750 |
| SHA256 | 50d5c14ae94b915cd694e3b41f532f12a0d8f32afbfedac045057c04435e4be7 |
| SHA512 | 9d0e796866f08393ae4c8fe5e2ca651aa335b325129eae091d7c68d603879ff7897e4946523b29487376cb3773707d87ef9de8d23cc7011a9a40ab9f2278b112 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b39a6b4ac0cd90dcd6a0eef12302b3c |
| SHA1 | f2e4b63a2286bcc4b169e3998b782a29405b80cc |
| SHA256 | 69354a7b1fc44a0d55983c06d8f6427c7eda369d4006483ed9941efe1b8971cf |
| SHA512 | e832a20422c1e8d86afdd5125798c28c86417c81907b162ecc5bcbe1c8a36e40054e6ec0ff387eb1d0ef88ce669f286c8fa474b1686e3107e5e001f93aba45ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9484a81e8425345b6ccf54162c43b8f8 |
| SHA1 | 5a41ea1b5b9398f26847413debda32dbbff8e881 |
| SHA256 | dbc6571a6bb5a4b8ed3f5af04013e1b74ae704b1fbdb554515b2ef06e787b684 |
| SHA512 | 054fe40465a9ec6d80375f7deab5559fe22b82949c609ed437b14680689d14448f8ebb686b5cdac80fba227d2a5ef01106061e1232cb32c4687f1df9417ea6f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60e8d156f55305ede6a40e3c151b68ff |
| SHA1 | 56ebb15c0a19a3a4a22debb92253d0a8caf3de34 |
| SHA256 | 4db10e334da59f179801c1af49d524aa3d048b142a2d89de4802a7a4f2cf8be5 |
| SHA512 | 23fc2631875985d1248510c0d8736e135c45929b0ff8fb656436077269c0362e2d41a917b546a6352eac944e507c51c02a1552ea34ad27f54542312b8cc3378f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a1a3f1c11ac1063c9e8d30bc6c7f023 |
| SHA1 | e8617b1eb6c661e038d0c0a4371c18491c590fb1 |
| SHA256 | fe1b0d5c826e6f94770945753084bf62d64c7b0742944129f5fd2825628615b0 |
| SHA512 | 37472f062f8cc4ed2d8f197f8dfa4e46ec7b3023f23f3a5d3e67741e6d595fcc446bf4c67a7196acd05b3e4067114a77ad928243ec470feff8f8b0a1a2894dca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f128567ab882fd0a13ad96cba91b704 |
| SHA1 | 3f66b6c22d5ca1162570a2e004e2fd82e4a54d80 |
| SHA256 | ee62fda8313d3f2805caa006bd9dbb62901ef1dd1afdb293a64901b7940fecf2 |
| SHA512 | 2028d93c2bdd82c7ab71ec7ab6124aa60c0485855b9ffc17ca7419c11b8e2efb2befccbc02a24ce4cb9b26e47fff56cf9571513eab8dadc1e353bfebd61dd2f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97b684ffa91113c117ccade58d97dd15 |
| SHA1 | d63d9e594adb5c044f3b68b447c247a0a0aa1ec5 |
| SHA256 | 993623efa9340a864d0085be8ba56cfdc7ecb5b21f88a1047d47539b5656cb60 |
| SHA512 | c251520f6ffe346aff34f0813dbed2b3719d19ac9e6d61b467a32b894445c45d7b2201806b5c8b2c439fbe939f6551d640132948565452535cf5f83694e3982a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52e481bf091c243cc23132e5944a965a |
| SHA1 | d9db03b52cf8db27ab4cbbddfb9279c4e66591a0 |
| SHA256 | d839b76da785a640ca094c8dbe8d021e7ce71a4add32e3d287d33578c1fc5b17 |
| SHA512 | 1f0ec56a1eb47b8771643192e6b2c0326aa04ced148d620546a9f72202ca13fbb3dc3bf9f2b9c7932480625e234f7f6905a3389abb70dbc840ce721fbf81ea3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32864ac8d7a6b5d38781397d01d34c90 |
| SHA1 | 3b844d78aef6fba7c4b2aae4e44219d680233922 |
| SHA256 | 21143f5b768493197207fa3ca1e0f6c61a50b5879b95f2fb6e5b756f8ecf7173 |
| SHA512 | c09a29a4316a86692140133829d4f928526932f301f26f90466b8d3582742d0b9287bb5a9c3a67eabacab40e37647a230a0a04220120b314857faa224df64728 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 20:20
Reported
2024-06-12 20:22
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a22d7decc81eaab51746b39e7752cff4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a8ac46f8,0x7ff9a8ac4708,0x7ff9a8ac4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,3178402014022448583,14941106726436030967,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,3178402014022448583,14941106726436030967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,3178402014022448583,14941106726436030967,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3178402014022448583,14941106726436030967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3178402014022448583,14941106726436030967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,3178402014022448583,14941106726436030967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,3178402014022448583,14941106726436030967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3178402014022448583,14941106726436030967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3178402014022448583,14941106726436030967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3178402014022448583,14941106726436030967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3178402014022448583,14941106726436030967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,3178402014022448583,14941106726436030967,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3456 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | shop14.512designs.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | shop14.512designs.com | udp |
| US | 8.8.8.8:53 | shop14.512designs.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_4952_XAXHLVARTTKXSSHQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5dfba1c954a9727d3c44f341b6ba3fc2 |
| SHA1 | f999bbf6fbc171606c5f783987e3fad4652998c7 |
| SHA256 | fd1eb303ab997a471b06c8118b441baf6af6e3211e24950ad075fc192ef4e596 |
| SHA512 | d1ef9519600bca59413f075b7c07605f4718d63e4ad3a77d4d92c79f8afdba9856c4c0569d4149bf349dfb9923eb28b040c362fd5f55c5bd2e2cd47ae1f8eb3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3239971b0bfa019711bc423e727cd5c9 |
| SHA1 | 6bf67818246d2ff24011ac39f90506697cfb1f50 |
| SHA256 | f2f02e80d772acdb90fb3a423bb6f5c87ccd691da143f2f8c00cf87cf8727790 |
| SHA512 | 6d4fa4bd29e6877d99383d61a96f20729ac311099f1bbff580f08dfeefab449e62de697dc546d2da0ca700a5f85aed42523981bb35f760be474c809fa6fa2296 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 38529baf08560e4ee1687aa4278b0114 |
| SHA1 | ec453378cb85163ae288b3420e0300d05a2012dc |
| SHA256 | f746bec02291ed41ca41174d9c0688922ddcff5d800641b9c3690efc0041ef49 |
| SHA512 | 6113e273a1319e98ee03bfe5ddfc9caf4e8bd73cd821567f2da1411640f5f81cdd24cdd7ff7e46ac0bf0f611719bd6dc3fc6fb3fcba09fa95170cec9a0f759db |