Analysis Overview
SHA256
1fb3df3d18b1c63a832880ecf0ca04571755435283da2ce91e29763469cca504
Threat Level: No (potentially) malicious behavior was detected
The file a22dc2e05ccd630a903da8ebcd2f2e03_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 20:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 20:20
Reported
2024-06-12 20:23
Platform
win7-20240220-en
Max time kernel
132s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dcef878aa199e64e9e871b6fd9b0b93700000000020000000000106600000001000020000000f9857a2afa0a7c4709c8d66c63c92b1ac0a2feeacbec4b030bad898e01ede473000000000e80000000020000200000003dc865571bb669eb285f272b6fea612827d0c0124021d58691086e6bb1394e042000000089b9993316a43c82e59a1ce625dc6c59620facc1e9108e9f0c295eb720c3566740000000cece90fd8e4130524869bc0b132b77d1a2f24f07e8d56d6b4dffd33d75896019a436b3da723e12f884157fbc0cd7d3e115385eb22138bfd4b84cc58727e260f3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39390A71-28F9-11EF-A3F8-62949D229D16} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7051eb0d06bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dcef878aa199e64e9e871b6fd9b0b937000000000200000000001066000000010000200000000224444b5ff1c3ce5d6f8ca98c38d24aa54798299dfe9cbf5ee08e2be1c78bf1000000000e800000000200002000000072fa13ad5bb1fe4eae0d13fb171374264f8c4a5bad2208c8b811d2469e4b8704900000001e613b9879580e7e3df0f3c13806aa1ae9d08108c737bbf05174aa514c0fe8f19edcdcccd01ef707f644abfc5603bf143c1afe21534e678f5ea337c58d82f52d356b77c9134e58f56cf07c80afa08a852bb81e1440e7a8bfd0362931d9ff39e8667b8ef4d68015f20c1f37d04defbcc7d80b71a3a7fba1d7e284d31a3e8d6aea6964ed78dc8f0d93a1cc9e2a3db1d5c340000000ea653ec1272244a73be61a38e14bf768748becbbb8132d779e98f757b8edd4902b28ca5bc238046cb37579e824d21c4e079e7debdc944c3da78adaba29ce54ac | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385502" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1992 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1992 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1992 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1992 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22dc2e05ccd630a903da8ebcd2f2e03_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1893.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1993.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47e60b49eaca14b113d2732c8db7bc7c |
| SHA1 | a96204f3e94ef30ff655c578cb4b51a2799e2a05 |
| SHA256 | e84de4e37ad145209a4d08f992f3f88eb2d76b2aaf30007f566201f533923ae9 |
| SHA512 | 2b843c4e788d0a8420e77e94a4d595b64665f45ce41c1981645e66d88b94a4eb874a2edf77075feb110b057e6439e01d0fccb2d42836dc6e14b1ca75cdb2682a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 888b24fca1790576655afa1a9c253434 |
| SHA1 | 659b5d41669c1686cbd55ca9c0339a40d17f7bcc |
| SHA256 | d7f9add06566edc20172b704b459d960266e3585721e7c435dbce969c86df955 |
| SHA512 | 6825bc39f8db674b699eb37880df9b991949596c20606d422b9715b23aa7d36b2c8c50a44340e5c89ac25e5cde45249887043acc09f0f564e03a9d87bbeec5ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 935840ae8475b3abdbecf8a10fa3d405 |
| SHA1 | 231f51b11343400444cc3f77759926033b4a17a3 |
| SHA256 | 3e3674adb507345bfe08deb940294ea6d109760bfd749db0d6cd4df2f6e4ca91 |
| SHA512 | 89a53d98d67bcc96c626f0bed62c4a21b5e9e6a0ea9482993593d2bdacf2f31212ff13cf9f3aad2d58ab61bb4bdb608899540d826af5fb76d41fd4296816b228 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5a646903423615000675f6aa5b45001 |
| SHA1 | e4cb7be60ad9e995f157446a701ba7aa950ab68f |
| SHA256 | aa52e281b9ba61a0e8113816cec242baf6b71600e0cb037eaf54d40664b16f29 |
| SHA512 | fc0c4e663e457cfb003547219344f0aba60b8051364168d625431dc2059ab4fde655e6dea3130bf1b38bdcdb4d37e4923fd457ef0e0b429b7449fb92e4c7f04d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fdc45fab33b98d580c67e86aefb8faa3 |
| SHA1 | 597a4c5becbb9430ebd6986a25d78fa26e137c70 |
| SHA256 | 037cabe4bf7985cd538b1f5d9a5b4b146a3588565aaac7c3d4fcff8dd7c7cba2 |
| SHA512 | 0eca0263e155a2b38e721694d7edc78ed2569d07fc96b9e733b2793069a01d3b1fef697819c8f2c9e70c9f7bc521a7e8bf57a3ada0aff6b6a117d3c2a67f5b9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51feaa89f361f3955f86fd54cb297406 |
| SHA1 | 5e617b3639ac8d03a5067abc8ed92aeb09d0b388 |
| SHA256 | 957d3810ef7ff2ef3e81e01d1d6e28469003a6e2b944a0e638e267419e50aab5 |
| SHA512 | 970d4420d17a8f3868bf74571d3de7714e471aa263c6a45b142fc9e1c9061fac881d4989d9abf7f0f7e8813135cf0f40aa25a8aae9b6db59cae7416d8f0048c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 726ffaf4f2aa06236a5e789be113b966 |
| SHA1 | 0af70115b075bb9a4fc904b1da386acd14a4962e |
| SHA256 | fa7974c839bf0f4e042d817b528ad15f8921b48d5d467e405b61b1da1c478aa1 |
| SHA512 | 99dcb8b88127584067319da38a159bf934bc290e79c15e9306ac741497833208818a94f31ac4377ca42a344f157a7dacd26bbfc75629ca04435bb2fddd891faa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80569543b422d7a8ea8c5cff0244b2e6 |
| SHA1 | 225ab19c0aff22d8cb0359e7d2ed015607b54371 |
| SHA256 | 775a9039d9c0c935bea7c90341646e7e1df3b57bcfdbc7b003c2f5c048100695 |
| SHA512 | 4354307e752b9df1bce6abe195c3b68a13ea66b1938c9bbfa606abc3f539f95e79f386de2dc91a06ac59492630961a7361d0a6b510e88a0ba6f106d448159aba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c28a6a39832d38054f6ddde3b5125c27 |
| SHA1 | bc3ef12e6c065bea59f4f93bedaf1db41beb5615 |
| SHA256 | bb8f37119622ffc3913c937fb33d5a8eae17d9cfcffb4dab18968a349893586f |
| SHA512 | aab252bae496d775d709698192dabd1dedaa1d9376fd207a859074583e36d5ffee3c250087d1965527507d5a9d66308f66ade389e14ea4167d88f03ac1f51d70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79509fb406c2e06f3e70ea478a41e3b3 |
| SHA1 | a1098cf124173fb651bc2964057a96bd5e5ea0ea |
| SHA256 | ca9a60e47435455650b18d779532ca75d5112d230b4a78b1e4a9e6eb3cd5649a |
| SHA512 | 6d7ec395b09cfae363295a352f1260e40f6fbee180a420e25bdd79205bf351ee9f250a2962b594872e2fcc9727d8e8accb23a1318dcacb60505200b5d604e960 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea55a40ca002a0f381d816abe20958b7 |
| SHA1 | e937fc99443283e79df0eae48c86499387388602 |
| SHA256 | 42847671383d03970837b8fd925a7c04a46c7da387c6ed28e459150128c644ef |
| SHA512 | 8201f8c50e03da5713400be0c94906ebd91e148a29cc09cbac6ecf25aa2a9fe5f8df30420758142ec89546f3ebdc8458bfe52d78de2f6fcff9d5c0038591155a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2270a82fcb0a0edf32a15036a4ede86 |
| SHA1 | cead062b5259305cd88e566b7efd389980c9d1f6 |
| SHA256 | 109916d1fc792f40ca7132ba259e98f7b787a197bccc572ec581c6e2e393c0d8 |
| SHA512 | 1fe7550898ec7fc5387fbf527d6fec1be2f46ba6e469ad361aa3e587bbd621ec79b938c778beca16bae9c910e25d371dcc2a992a3866f98356309b1f624a9ca4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5cc4fe3c1890adf0615b25a20d41fed1 |
| SHA1 | 78a58f91c0934599f6a74d13852e6705ce9172c5 |
| SHA256 | 05f4e65895e90c332511a49e7f6debff4d7d49958a4d6cc7e93f6be71321b839 |
| SHA512 | b55431e3abc6f946ee16080a1e42d390fb5e3f32654ef8cdd94eb298516ecc13f1b1152d06e3ba07f785ef5cb63b0a34a4679e35378ce8243d4c3e7799208ad3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 537ca9a1ed8985f5b127abac934fb0c1 |
| SHA1 | 7c65906ceab56eb6260734f219004694334d37e7 |
| SHA256 | 949f4654207e0888e200045e95e862496ae16827971dc75ac33bf1a4525151a8 |
| SHA512 | 1fb86aecf61877b26b628254409036d3019c8fc99dca0b6704ecefd272f2aa189b78d57410a3aecf276351ecac5d8bb97b8f875631423f3ec229942498176b72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce78765f62ff5da4519974c726220b40 |
| SHA1 | d493519430a2135a0ae38a4cb1ce218bfd41d95f |
| SHA256 | 1729ca69c0653ba93cbb7c642cbf3fc92d83eded8abff0a237e2d4d7613e9f02 |
| SHA512 | 56258a99f5675e1802c6c6034d6ef087f6fcb294e37f85f7be7b27415fe33d3fd749429efd58bc0220cba3b8a339734d2dc28acb2aa3cbed9f1a66b934d30baa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39dbd99e40661d58ef89bb3f244ce647 |
| SHA1 | 22810da48fe694021a55cefd711264a23650370e |
| SHA256 | 86b430aa5206124b8bda20823f8432a9389cec526ab3b4f19de82525748709d6 |
| SHA512 | 7f5934d0385118e8f4072add07c239cb8b858df41bc00113b7a1c06dfae47cdd133669fc1d15d19473e493a75a0f41748d1b9e2e5c0585b536ec64c3fcaa7477 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d210a55bff53921d07cba064ac6e21c |
| SHA1 | ec40a00a08a9efcef7d522b24a97ce2d6362fe3f |
| SHA256 | e2b3905d44b79b47ebfdff486986fe597a5cd04c7ae0f186f7ec9528b4aa3594 |
| SHA512 | 8ff6c25e457d6836f70a7e29e859c7fec84c7e5fb1b5999a594d78f4bce7ee1ca016705e5d5461c2f7322451571fbf63183eabb8c8ec96271e5e7b28ceb94503 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84f419e41b1ceacaa9695626c562f221 |
| SHA1 | d271a7192b1583f530d6b456a7ec529910d8af57 |
| SHA256 | c8397ae025e248d9295109ede140cee18ac45115c993e2c32069bad173f7da51 |
| SHA512 | 6c46c3032d11a49caf0149426b0acef034f708752ba3479ec752748bae3fdf603600cb86d4f53bc5fa1fd7d050a6bc5eff287bedc198fe4015eb0de288bdc964 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b5e75bd623ead85e2ee9919570f7c14 |
| SHA1 | 757f8c241a5c21d8d95d599566ef6cda870f05de |
| SHA256 | 61c870d6992f5989874c31b311e9980a9df364b68e7c75515dc7f0537bb86156 |
| SHA512 | a687d6329d7176310224d0f842010599428cb3e81f404894a34a3e4b932ec1d07fdc2f992bb83d5ce234d56eda51a302e749963cd09b08f0ee5744b1c7853317 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d149d6e0b160d6d34d299b45f4eec56c |
| SHA1 | c180ecf3dd12a75c2221e7a25cdc01f7e0afc062 |
| SHA256 | 05e56c596b1e34a6d3651bccfc227a6fab47f8774fbcefaa750714c375d80df0 |
| SHA512 | 96743ca20b5dc17b7348b4e8048e7be82843794752cd26035348a0053f39d95e20b8b3dd4c32105004198f233e45d576b7b01150c6536f905118741f85fef69d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4026ae3f2dbd078ebf93bbd852be7ca3 |
| SHA1 | ee920bfd768afff3ca4d3c614199ce3553fb8d02 |
| SHA256 | 405e4f8cadfb5e7f985d8a468dff6162a448f6cee2ad8d20c26dbef9d9e27070 |
| SHA512 | 33e14b4ad2f7a050a1cc99cc95808fd01f77a75e2b45f4106860b9afc601e604bad54c2b444971e315eefeb45038a459faf1116959f3d04dba13945395af64ec |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 20:20
Reported
2024-06-12 20:23
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a22dc2e05ccd630a903da8ebcd2f2e03_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa025546f8,0x7ffa02554708,0x7ffa02554718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13786074129203667325,2517800160886064591,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13786074129203667325,2517800160886064591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13786074129203667325,2517800160886064591,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13786074129203667325,2517800160886064591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13786074129203667325,2517800160886064591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13786074129203667325,2517800160886064591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13786074129203667325,2517800160886064591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13786074129203667325,2517800160886064591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13786074129203667325,2517800160886064591,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13786074129203667325,2517800160886064591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13786074129203667325,2517800160886064591,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13786074129203667325,2517800160886064591,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2968 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 1.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| GB | 2.18.66.75:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 75.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b4a74bc775caf3de7fc9cde3c30ce482 |
| SHA1 | c6ed3161390e5493f71182a6cb98d51c9063775d |
| SHA256 | dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280 |
| SHA512 | 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f |
\??\pipe\LOCAL\crashpad_4260_GSBDZMFXQTJBNLAA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c5abc082d9d9307e797b7e89a2f755f4 |
| SHA1 | 54c442690a8727f1d3453b6452198d3ec4ec13df |
| SHA256 | a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716 |
| SHA512 | ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3452730c817224208c45b7a27399ecd2 |
| SHA1 | c07bc99b7691398e4fb61f7a4c201162bbd1b578 |
| SHA256 | 2c2d9e51599f3394e6686ef3992280804591e89ab8f6ae59d4a829a0cb468666 |
| SHA512 | b6fbb8aa6180ea3e00200457c7fdac837db610db9a2745f80edb7d6e4bc76d3cadddbe886c39435e831f9745d5ba6d8a6d14783eb3cdffa3c497cd068d541b12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cb42d6f99d0a35d22af52805ef4fe027 |
| SHA1 | b6cb7513506394c6bfc73798b9e2b1a74fb8f487 |
| SHA256 | a2fbcc342e10f4a6e6ab42f98632b1ba0311bfe12ef77c9eb8150b8b3a82015d |
| SHA512 | 603de6276d31510c6fedbfef57fbd94479c9a2f2ac69da4df6a64cef30cb3e5e47459b28bd7dfc492262fd5a109f81b0c0a08071cbd33aab8d4c1a9a701c1ede |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e021ddd2528d36ca1a86938c591b9d82 |
| SHA1 | a758401c35235563a7ccfe486a9204ca16c0c1da |
| SHA256 | 9a6eac0f23cd0c781176b3fcf75a86eae185860b3d370f902ef4ce7edf843b47 |
| SHA512 | bbcef4bfab2d28aba9937e1748a681a407b162fe5d70baf11efc256ce129081ebb983f36353897f24b30c8571926d4f5e77395a79e23720e8c16edddadf905e5 |