Analysis Overview
SHA256
9203f83f053f3772dff5e4451eaae1d7400f38b0f805eaabb827bb29f04f056d
Threat Level: No (potentially) malicious behavior was detected
The file a6aba91686d353a88ec0f4807b2625b1_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:34
Reported
2024-06-13 21:36
Platform
win7-20240221-en
Max time kernel
139s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AB264571-29CC-11EF-A293-4AADDC6219DF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004588795888659041b8e6a41dac735ffa000000000200000000001066000000010000200000008c1a66453e76811e4122ddb31f13ec527a4736673b548565180ed109978266b7000000000e8000000002000020000000ec7681a8f38c0187a17497e32bf63e7b9bb9b00f3a4789bfb55f741a0e7ad390200000009003f077cf949ea4e95e7f6ffc8271ba97f5f0b85fd5218a1cc5ee2e5c145169400000005cfa83ad1be76e674b2d78a3c165aa570913e8a015a5f04b318286bdb0f8d0d7ef1b2402c6f19be53a03bc303275d6455448ac766b37151f97c7ab106cf0a99b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004588795888659041b8e6a41dac735ffa000000000200000000001066000000010000200000006aa9a3f5db6ce3b2c30c31e8f9fd6499660cefc51ff07ac01e443e05dc1c2ce8000000000e8000000002000020000000f1a29447f9dd953a66fb524ea333024852e4f5a308d9163be9fa1733e0582b5290000000b6ecf25bdcde78a135ff1e219ff27ee06ce29f56b405ddfabbe41dcc21f81163ababd59f11ffb7c0580b0d08660fa5d97eaec08e69cecb2a91104b3f9308ba7af7da15e43dec336e89270b4efd8e717027c4a66e3a32f6bc45c5e2f5f379d6639dca7a7fdafc2d1ce78c8c98928343fbab5f1a226d6b0eb309cd6d9d26c4c838060c7e945aed055f0c7ef99ee224b1ee40000000f88358ec412c1c7abcaf7cd69eff4ea4014eb2ae227d81e3b4a7267ffd00a732beed600f500fbdd39aa21708bdf0cf93fb456164ec90aff110842e57b7e04d52 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 905dd87fd9bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476317" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2172 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6aba91686d353a88ec0f4807b2625b1_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2C03.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2D04.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5a38c9f2fc6be09243c1097059f1c65 |
| SHA1 | 525c58f8672862df6b95e65135e5a9ca8dffabbe |
| SHA256 | 158924d85b7be37d1739728ef1fa54d9907ac8d988e15c510764015e9b2e23a3 |
| SHA512 | 579683cd6b50e38f7c607996e6bfb988a40ffa5722fdce7e37e51d8f52f0b7728daf2e727bb287abd59cb2379608d985bd20e036fba36689470b27273d1cb7f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67eb4efdc0f4f0323cef79bda63b2337 |
| SHA1 | d2f0b97558c45add1a5b080582ef08b6ee38e3e5 |
| SHA256 | 85d93f4608daa118f6c494a7a1369595e9daa6ab59d0230147b8c0d892f0c97c |
| SHA512 | 32741fc4bf7e8ecbb6b69151f5f8dd1997fd5f43b9b462ef9dde589cce1b507274e0325082acf9d515b7960a6d8044b2459c099ed3adc1d7d9498f00367b1477 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e812fab7fb1b17a79381f1ad8255802 |
| SHA1 | 0eda42544b3a4ea936ee1b3f8f364291ebb4f598 |
| SHA256 | 880b8218ed45a8dddad1fa54c0c62d55fc96326e9e639f988a88745a5d431c65 |
| SHA512 | 59a496f6d4fa626b1fd581d2ca67a12070e0be174e5f52f2d2647270903ed112100607a98675676060368fff048277f6ef3ad60a76c232759ba38fb5af2b52cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2bed2fc5c138fbd4b0483a7ffde2895 |
| SHA1 | 04ef828a719b532520a14f705316fdfe69654179 |
| SHA256 | 0c09a35e14a2210c4a0b1b0e48d9c4b71216a0b8d0e2ecebd4e531c1c0a1ad90 |
| SHA512 | f3b1ad514266d8238241e25958580d68cc3f3562f5f249cd1227845e1b2169ac5147db4cb21c292c5f14cfa6bfb8e64ad70813b545e20ecd9cf7e8e9a1af0e00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a760d97c71e5d1ecf47717e5b0cf2183 |
| SHA1 | aeb1b559790589cadd710ebc8f323e57b045e08f |
| SHA256 | 72909445e28c706463269cf26f7228ad7c80beaea46da77618b29897126ea18c |
| SHA512 | 5ce8f4f86654f4570da835cf4cd5c195e59742ccc5224d749e3127a9f3e923205aa46be68b815fd664c40433ae7d91b349e4956c407f6f4da99666252fed9cc2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b943ca2f3237119ed76e67b7929d5f76 |
| SHA1 | 796e14370631c59e3799e80da7a8998f59ccf4ee |
| SHA256 | 469f96d9f58039e26d77ea15aa9f42a1c53b5df02dd281a5f15e5c4db3627c6c |
| SHA512 | 35b9ca8604cf69e789c5678d9b63ba550ccde0b96054af9a6fce82885fef3fe50ab77af064da525fa730fa8981f7d1f4194d5e886e4237810d6c3ab478f58e03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fb95e12b93a0768700471a9beddd6ce |
| SHA1 | 5788f12fd9f8b6333b5c9c09fbd5f03166538359 |
| SHA256 | 7f0d6493dc2c1f169e4e43bf04263ed257e97079da20e989569944d07e99a515 |
| SHA512 | fd49b0acd6e943497c17f9ab94b322464b7ce335a25bccd5ac58a9769ad52bd09778afd0c0a11df70cae034665a032741b0fc2145aca8a6da82a1eade7eb74bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74ea1a4df0659e7556ca356d09ab18e5 |
| SHA1 | 99b3f27acbba18757d1786865f466923fc78d839 |
| SHA256 | 7f75347ac5c9171520c1443ba9420b2889d5b60a5dfe32606de1edae902517e7 |
| SHA512 | 4f698f69608a0f8682fe50810ffc288064adcf7a1d8fd1bade398f2f827af9fef9ebaf87d622af5afcc852c912168340b9dfa80b053c8da307ff40bdd68a882b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d04ca72c2d560cf6b7a62392bb3411d4 |
| SHA1 | 572e7f94eb1e6b57a91dc79af8bb2a5c9c487a57 |
| SHA256 | 0cb4e20e2aeb17c5e7259a3f27789c1386197fd9ce617869c8b96c2dd8be6ec5 |
| SHA512 | 58a7044c2ccff94e052df304e4e517453709f809f266c7baae78f1aa5adaccb762915e18547f1e6e251e0dd8aa6ff68a5b0e3aaf7bd904d70965b8a3a519f7ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7be77512a21c0cd30a6bfbbedfe5fada |
| SHA1 | 7956b37e75949b0a9710f17726abf3b164a33044 |
| SHA256 | 8a1ce64493a723f17c37c1387840528f75061668b3e40eb26333ce89cb0337f4 |
| SHA512 | 977328799241d6adfa9982dcaac97990c3840e7f7b7016367e0cc3d3fe39256dfdeb5061edefec11cad3da2e8a8600c6ea07403e67ec020a052e25bbd85820ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22b3c79584d599910c8185eefd3b0acf |
| SHA1 | a352695fc03a72e82dda3303c0759145f99a4570 |
| SHA256 | 63d6f19f04481d31f0983a58958646fa099aa8b4508f23ed82982cbd17a07172 |
| SHA512 | 052edbc4c975c38b983ad589218846b392a7aca41d5eb6459d8235dd9d414148456148bfcc831e5e4f3dd7074b24aaa8c8bbd9dd6f2112808602e3087dab25b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74cc13770ab0f9700f151921d657be1f |
| SHA1 | e21c7189b1d57bae79d6de20f106097157314893 |
| SHA256 | 5eda31b1621d2f218c7a7420acfb0a12c9789cfd122e700db5a63d49ee5627b2 |
| SHA512 | 33850671c4c72fb1b70dfb4b702e702212455053f1e17284d111f401db1062fa95aa67f2e2981266c239dc08cd7fe37209afb3fe5a5ee71558657b84987368aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c3260d688f9db97bf66f8b8c43ca37a |
| SHA1 | 3fd4f7f95d06c62c911de02839d9cc704eeb0cfb |
| SHA256 | ece4656b516f26f5304165750851620ea3c729a8f0ff28ce13d32d1811d7593f |
| SHA512 | e90f766a2d03f74aa40ef67e032995dd46cb7dff89a337da9b4fac4ed655e55dfe61c0d1a9395baf2e63d0428126bbd24dfbd543e11e888d543d98edc1bf126e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fa1c4a6b52557c1e63a6304e3cf9a69 |
| SHA1 | 038af67146940426cc20968bcea6217a2041f9de |
| SHA256 | b438633ffc0a5e939227b5a83456f48b1751b0b74c3fea0d676ba95fb3a2e45b |
| SHA512 | d700ddeeebce8d1a59de1b85ec267400f54639bce56b101db59da2c5c874759e32dfecd8b7963eb55d749e26562f8df663359f596e75b9998d317c16837fd53e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cbe3cc1ccca311d20f6c34de427e5e63 |
| SHA1 | 783c860fe73c3c311f8bb0b75c40fd9895c4cba5 |
| SHA256 | b7c1ae58dbfccf466d24e4ca02f7d16afcde1c7fa35becfa71497d6abf3b1a9f |
| SHA512 | c1a8e1e293debb7f2df9251090ab30c10d16a2ce4f710a50621dd467444525fa290193f2f5ec4fdff95ff31afee1e2bf5cef65a1e664f80c6085696cc16ff622 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e589e0393e47b533cfa9cee64337a45 |
| SHA1 | 9e7fc1765e4cc10cb9eeb7a0ff0ae38b89770369 |
| SHA256 | b85523d7cc62886c7e30f81cd584f2bda6299f769929b60dbe571abba71a5c8b |
| SHA512 | 77c0393eb2841b917c83293011189e4736f1cf8d2be74e7ac4d1b2562086b8a6074ccc5fb1bad8913b9996c71cc41319457dad7d1b5e2aa99bbd157c56a09674 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:34
Reported
2024-06-13 21:36
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6aba91686d353a88ec0f4807b2625b1_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b3c846f8,0x7ff9b3c84708,0x7ff9b3c84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,18334129026830954705,1613873837576029477,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,18334129026830954705,1613873837576029477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,18334129026830954705,1613873837576029477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18334129026830954705,1613873837576029477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18334129026830954705,1613873837576029477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,18334129026830954705,1613873837576029477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,18334129026830954705,1613873837576029477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18334129026830954705,1613873837576029477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18334129026830954705,1613873837576029477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18334129026830954705,1613873837576029477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18334129026830954705,1613873837576029477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,18334129026830954705,1613873837576029477,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_1860_UNPIOVBIUJPZXDJZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 08199190f3d13c47056d0a4ab7f4af60 |
| SHA1 | 44dc5828211d3ac854c52d3cc589a999e3cd4a0c |
| SHA256 | 6b97076f598b07f3043241f0a3f0614b712bee28c6186a114deb4879f0ea0986 |
| SHA512 | 10b65b9dc354eacdc9303f05495e161691ca2a4f85826f6202b4bdf587a43a1cc967c91235d7e723c35b9fe755bde14d9d56138d437f40456d0303d1fe8e15fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a98030c175160944135ae05c8a726e70 |
| SHA1 | 876c2d9607110a021780206b0c90379ca434f0bf |
| SHA256 | 86a14a4e733071880ef6df1a55739564275b28d79ea6ca1b84cba577995db81f |
| SHA512 | ea662692d8efe5e524da0d679adb7f5ce361ed1ef502cacd93d9eb6e34bbdb352767a3e3d8a9d352752cc444fe951b363de7c880a18fd04b63eb6456db91c583 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |