Analysis Overview
SHA256
4656f0aa576bd77a36faaa4770260b4f81eb17de6a88b78c2525e9a2ecef5e7c
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a6aa17ffdb6acf73eebac79bcde1e030_JaffaCakes118.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:32
Reported
2024-06-13 21:35
Platform
win7-20240221-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40ae3a68d9bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7A52F151-29CC-11EF-8414-4A4F109F65B0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000032e428c08ba93d4fb087e6375c080d0f00000000020000000000106600000001000020000000f9a48797fdd16739d8eec199ad424980823b3de2c5e127e4f0811c6b44d47202000000000e8000000002000020000000ab64e7ffb7b9a9bc7981593b30578de56f09cd1fcfcfec41a8af26d8beba8aef2000000091f2a67449a7dae33058f308066ac5cf86a9f5b956c66b7d682aeea24bbc581d40000000aed7e91f2dff99313b7a654df72c53329f44b3ca20ff8bdb52c7384f7f87f98e5d02634a965f02e076893b4c91d40553fa52583982375e2d7717b2b282a289ae | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476235" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3000 wrote to memory of 2200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3000 wrote to memory of 2200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3000 wrote to memory of 2200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3000 wrote to memory of 2200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6aa17ffdb6acf73eebac79bcde1e030_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | rx.025fukew.com | udp |
| US | 8.8.8.8:53 | www.xjxrnet.com | udp |
| US | 8.8.8.8:53 | www.njxysp.com | udp |
| US | 8.8.8.8:53 | www.jftbj.com | udp |
| HK | 129.226.118.148:80 | www.jftbj.com | tcp |
| HK | 103.113.8.249:80 | rx.025fukew.com | tcp |
| HK | 103.113.8.249:80 | rx.025fukew.com | tcp |
| HK | 129.226.118.148:80 | www.jftbj.com | tcp |
| US | 155.94.204.215:80 | www.njxysp.com | tcp |
| US | 155.94.204.215:80 | www.njxysp.com | tcp |
| HK | 129.226.118.148:80 | www.jftbj.com | tcp |
| HK | 129.226.118.148:80 | www.jftbj.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabDECD.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\TarDFDE.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:32
Reported
2024-06-13 21:35
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6aa17ffdb6acf73eebac79bcde1e030_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2243202754367420406,11394269989543770419,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2243202754367420406,11394269989543770419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2243202754367420406,11394269989543770419,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2243202754367420406,11394269989543770419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2243202754367420406,11394269989543770419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2243202754367420406,11394269989543770419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2243202754367420406,11394269989543770419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2243202754367420406,11394269989543770419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2243202754367420406,11394269989543770419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2243202754367420406,11394269989543770419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2243202754367420406,11394269989543770419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2243202754367420406,11394269989543770419,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.xjxrnet.com | udp |
| US | 8.8.8.8:53 | rx.025fukew.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.jftbj.com | udp |
| US | 8.8.8.8:53 | www.njxysp.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3552_QROXKRNACEWGKPCX
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences