Analysis Overview
SHA256
40f9e73c11f71121bee44541f3d9ce54db71387ccdef62bebadc29e1b9f2f843
Threat Level: No (potentially) malicious behavior was detected
The file a22dcca8a6093a00101156882f769301_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 20:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 20:20
Reported
2024-06-12 20:23
Platform
win7-20240221-en
Max time kernel
119s
Max time network
129s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ae137e0c381912458d6bea0683811b8e00000000020000000000106600000001000020000000549eb498887d0106483a7c8a3110d1ec04b5c11e888cd38a7951963d3c0c3117000000000e8000000002000020000000ae931f08419c21329af4c1c530b4f1262d299e1bcc19b94eadfe31b45e9460282000000062300c564465e8b55d4eaf566c36702a12762b73aabd7fac72bb4470fc1b890c40000000ed9993babf2df4e379393c473cdd38caabe5af9fe5385770739b8e0c5ef368508b9072f79791db8970a2e72ef8f8b3c3df34727f300eea9747479922f534d847 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A7470A1-28F9-11EF-8442-DE62917EBCA6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ae137e0c381912458d6bea0683811b8e0000000002000000000010660000000100002000000054838f6f9084a60af4b636cb93239e27c44e976d1918be8bbc1f390ca5bbed81000000000e8000000002000020000000f89fd618654c627826c292ad98ec03a757550735d6e811f76df1b7c75bd3208b9000000034ec43fc8b713fc2b94046b1e5901de6e02b01431de82a5a6f25b2da03935b3f615f8d5a5b855194cabc6906ef34a2aaa58bd8ce4c13b2e543b6b8d4b86f845524833d0ac8e2a1c895e7f68aa27799ecd31abb30899f8789232b047e67d2a04cf4342b520e1471521466bc5572b9c7304cefd8d5524170187ec4e36717d73496c6c9a248125de58d6c842e671df0a2e340000000244f83484d7d9c7f16b296cc01672b6fedeadbc5747fd380056fedd326374c8295030360cc7dc5516ea3f624946b9e55056ad4331e3b6f2c11ad47b3dbd3652f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0a0150f06bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385504" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2752 wrote to memory of 2880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2752 wrote to memory of 2880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2752 wrote to memory of 2880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2752 wrote to memory of 2880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22dcca8a6093a00101156882f769301_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mobilegallery.in | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3B6C.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3C8E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 565a90e1ef7af6b42cfd40cac26b53d6 |
| SHA1 | 2f9a094a77ec35a00f43d0a96ccbf1106e6c8b27 |
| SHA256 | 3c08e054ea6af44d5e0cf1d0a7d0080df98c1f182ce844ceb53c68526df8c664 |
| SHA512 | 377e744ff0fdafff25cfbfcd6009a30c8a1b2cd0fdd337cd49937070099298e1bcb80445277b81f37645f6649cf0c210b80c5d26c9e3850e19f07cdf7eb5d4dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 573f6fd80e442cba58423343440328d9 |
| SHA1 | 86372d29785731c791bd7870a514047674b7f588 |
| SHA256 | f64de27fbedd9a71f7af184c0ca4ed20a412243015dfb0e927b9c43eb288688d |
| SHA512 | f47b4fc3a0a1b6dfd79f6186672efc0b1a872683a9af2704420d4f667935d723570214c35053071c7a736ab741e8c8fbd3eb2ff13bf5b00ea382e32b04ceb135 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0343f1e992e0e0841f9b1fff665123c |
| SHA1 | bde18770a25c16166cc8d209b83edbe6b9dddb40 |
| SHA256 | 432346891b8863bbe7eb89ed529665738786ac18211a7caf1f4f4bb975ed2794 |
| SHA512 | 0fcd56d405b5acc561aa0ab1753f46e855bbcf0e7a0b26de34a780bd5d66e11bd7cacbf03ba660d648b1d5169f42cf7d63e29c868b775f65cfb2571bc588a0c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3ac816a8dae4eb049247fa807db1bcb |
| SHA1 | 8bbbb960f4447ae61171728ce4c33ac0550bf9e3 |
| SHA256 | 935fc88589c93ff0e0eaa30facd56af37bb5ea2343ba00035d73e092a216ccce |
| SHA512 | 0a93bc236e24c0398a4ab82cfc4b131e7f10cb22694ece40f0326c3f3c77403c86250f203ad649197b98fe448165b78122c59ab7da44c1bfd6abd569a5331c98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d981771d163af48e4100d5c357ff12da |
| SHA1 | b836741ac7b53bf921813d14e0b25b537f125eea |
| SHA256 | 69b796ef1e47d21e98d5534753e0ad90129043984a1b389913ee603b3aecf2b3 |
| SHA512 | 497fda773ac03dd7cefe0044b62179aef9f952b03ec9888821dd26537bc6c73447ec40b0cf5e447fd2c61dd60a1e77f2cb183560eb4c7882e1d403c1e4c92b9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 043a8f149084dc59fd40881ce38fa961 |
| SHA1 | 25eb0f30ca141eae09a858b4312a14670d30d816 |
| SHA256 | 1ce21718e28373928fbaee017deb2f0e5965848e390b3d224e810babc120aad7 |
| SHA512 | eca0cf931628413a6711c9bcc7b03c14add38b25f783ec9866b9edc424e81fabe82199a9fcc6a116531994cb62297abbdfbf4e60a37f809ff2057b49249d6d33 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 834552ae16617a5d436b134d346c0495 |
| SHA1 | 135a0fdb083e10ff811dc679856b3fd877700fdc |
| SHA256 | 178b295998483ff35f225e9b6faa3cb3f35531e3324186feb6f4bdac86e80aae |
| SHA512 | 36b1446dd3964b60e8eb5805b64251114c879f0816c9ba835cff58539eaa9f66e0584b4b5f3ebf7cf37f5603a3c09bb38c7d7f2ffa57edcd727d0ba72ceae48c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2df29259744ae5147c4115d3fbabda2 |
| SHA1 | 58505a66a798c82a8560f3f39199da843bbb771f |
| SHA256 | 053039c554bc44a0f6f5d792c8784b9ef78672e140261e449e4beebf0c8594f5 |
| SHA512 | 8a3d642a513a17c57f5ed929f12a2bb28ec29e9b652742824124e62d9d97693390bea27f278555e31cbfe694447aa2db5abb22d1f69a7a5de5462e2205453e8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6df310613e544f5c9906f10481c61349 |
| SHA1 | cd482b84f8056fe2c019c01e38d831bf6a8df6f8 |
| SHA256 | 35e49af290a6c6121cd78b52d0996f9ff977781e7e7b8cf39d8fe7a389617cec |
| SHA512 | 86db2637fd7c81de0be7bfce0ea99a6ff5bcc0285dd9e2c0696fb4c3dd237d7381ff24804ac01e2a8f457a4f51d6fb9607b6e5c13e2cb7a33c5f14455fa8a6d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f9209c103704645e078de25ac59bf4a |
| SHA1 | 29faa2629cb19bcc69335c43f4fe4bb73eb4a1d9 |
| SHA256 | 67807996c64a87a51d00b07a90e885caccdcff4c2d85af2ecae864b25b094a96 |
| SHA512 | df14f3b76fecd9efa0952d48f751da5e66bd8af7758de01d52ae3b02b7c8f698e5e7161588728e0543f5d54f667dc58a861bb8ea354af36b3ef90902775af0be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f65950a3ece1cfbd6c12c85cd636255 |
| SHA1 | e9a5df6beb5b649315695447f4842acb19f547db |
| SHA256 | 3481b0e7b544326fed29c7a13e63ca9f378c735896c191ca4e845d811782c501 |
| SHA512 | ebbc4ed2aea4eb85eefcecd70d2c6910077d3e59910dc87f50528658cc48062b833ff7a661bea5ec1ed34ff4317a88f2510514bd4dc5bc7911e71454556cc980 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76cfa49e4bd4b212b09f91b43fd027ad |
| SHA1 | f3377e1bd44a4063430140499e4c65ea83352c65 |
| SHA256 | b859993c73fb874766fb116942d2d5beabe1edc335854f5b931b0f51f18239ac |
| SHA512 | 4acb54717e09b19cfe69e9885c4716fa687d26cd5ce19ccec87d475a5ae6415b61ddcc1cae281bcf2af930bba9b54e8ab6c98bd6caf7ca55b3b24720dd1b350c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b7c63af5626d9c18a66c36edddb0424 |
| SHA1 | 32d6dbdcb9bff7faefed48454ba58d5f068f1b3a |
| SHA256 | ff984db0af66e68a8a9f78006a898ee50a36ed7d5e81a1ff60a081caf2daa60e |
| SHA512 | 2e3352c8063be7efb9440972df008f6d7b4da5fc72ada49aa6e3a67fa4fb96b7d8f8591ab44ae84743ca4ee95c8313e69fae111565efbbd4ad93e29a8047f620 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98401b88259f7b32467ced73635bf311 |
| SHA1 | 1dbea7e10c4e300c8671d44cc374e3bf22ca2bd4 |
| SHA256 | f741668afb97bb762eebc8441edc183c572e758e5f09ff28f0efcd279fa00b79 |
| SHA512 | 23156f18d0e3e920384e59707d9dd6719306a0de68d4783796fe1ef1db0a4220521de94856f6448ddf821059a6fbdeeb048a568a78407afd6e0eb9ac3e4796a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed1141a6a1093bc194930a2f7b9155d4 |
| SHA1 | 112fab51b2e33fdc5ad60a0e60e4ffb4e27ce8e8 |
| SHA256 | 6fa4f53d286defe7a6f4eb0ff5764e6675c406eb4d4879caec1a259e833e669d |
| SHA512 | 4e1eca7b5e8a82b098809e9447f8f93825526756a84607d9f307d06c965ac3f2460ca8eab733490a8017fe59f6e58eae17dab4d7a3cf9b782f2f0582207cb289 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b682fb5075a2eb15c5af04fb6e3aeb0b |
| SHA1 | 804386666c2faa7d87af39e8349d027ba1e60adc |
| SHA256 | 49c22889a1485f1988030e23cd83cfd93d5e0e98a8a8ca400ce8a289cae01b18 |
| SHA512 | 1259234a8b485a61388c63a465f7f00f8fa310ead5b94efeb66644491aa8d6d77559541246fabec3a625952d40e3f924850f0e8a878dd1deb96b18f8fd484489 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1c61e3e428e47e48ea69b8e7c6df474 |
| SHA1 | 08d646b8d0a22506460aa0807b4cc864315986d1 |
| SHA256 | f4adbc2aef3c57ecb5e9131e097bab0cf37ed58077417e066b62249c0fd56958 |
| SHA512 | a18164b87bfbd4cc3c61ac110789fd7f1c4ffe100932d1fd3cc1b427a158706c2e1d46dae25cd7c74fb21a58398f55e59b27fd5d12461e14ad6f1b73eef0333f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d90a72d81c66ec909ee1769454aede36 |
| SHA1 | 4747cf5360c98ef59368f01b1b0dccd5226d4ee3 |
| SHA256 | 4d6edcd990caac0c7e612a4489850c06ff88ed146f839084f16515d066b091e3 |
| SHA512 | 1008f450c73205ffc335f612df20f850d5e4ff59a11e2f4e30045385e75e160d662affee9267fbbed01e7cec163bc4b50e34716268e992200a996949ad6d0367 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 20:20
Reported
2024-06-12 20:23
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a22dcca8a6093a00101156882f769301_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c04046f8,0x7ff8c0404708,0x7ff8c0404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4949021161810494004,7245645390406919238,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,4949021161810494004,7245645390406919238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,4949021161810494004,7245645390406919238,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4949021161810494004,7245645390406919238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4949021161810494004,7245645390406919238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4949021161810494004,7245645390406919238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4949021161810494004,7245645390406919238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4949021161810494004,7245645390406919238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4949021161810494004,7245645390406919238,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4949021161810494004,7245645390406919238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4949021161810494004,7245645390406919238,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4949021161810494004,7245645390406919238,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4368 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mobilegallery.in | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.mobilegallery.in | udp |
| US | 8.8.8.8:53 | www.mobilegallery.in | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_1376_OKRHQJUQUWHRFBQX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a7a706280ec462ad02791df45f248cae |
| SHA1 | 30767182cd7baca06fabb1670bbc5ac733e65bd7 |
| SHA256 | b34d4040f5755da5b83d9e00d8bde002d3a2dadf5912b14b3a0f52d0e3b6d82f |
| SHA512 | c3f6d0a5db1ca6967bd9e5a7c359507dcb7cd2370cc6f6e3b88ec88c10fecb34eb65692294ad5cf74111a47e96913497f586ccb2d5c5073c9f010b41cdf35e62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 16b17ce28c2845670d77c223cd736b2d |
| SHA1 | 4a12274a33c0bb7d847fb927fb7d61ae512765db |
| SHA256 | 5e757e213d076d5bf7f3d70b911c9e80e95dea229f9f282c5396e5d58e861320 |
| SHA512 | c683b3e7426b37a4357ad7339822f9902bf2c4055a3b40aebe31dd9ec1be0576f36148cbccedc818454318f6baeb2a92c3e434ba61f7a1c959aead567857d845 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 06d93e037afc5f73fc91aa567d2180da |
| SHA1 | a3f253652933add6243b593b50e85ee81802bf99 |
| SHA256 | bf544124f2a940050716b0cbb16fd2e94349b8202ff6f879bb5160f98ce9812c |
| SHA512 | 1c4c9abf145bc614560a19f7c1bcd856c4b571bd97d5be07ad81595e836c13fd5c0d92d82567fe12bcff40605efc5959f9925fdbba478c26e0c6034f58220eef |