Analysis Overview
SHA256
916f66ca5382fdc6a2b34aa88472b8ad710d0bdcb8b8dbc1611e9c4c35eceb8a
Threat Level: No (potentially) malicious behavior was detected
The file a6abbf79590c9d9ca0156986f942558a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:34
Reported
2024-06-13 21:36
Platform
win7-20240611-en
Max time kernel
119s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value removed] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476325" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AFE41BA1-29CC-11EF-B3FC-D2ACEE0A983D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10bc0286d9bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000001990e77cc015bbee7ab695f5dddd1acab9b108d10c0e15d854690425e98697a0000000000e80000000020000200000002f7ec7df226911457ed89c6f91f6c462bf09b598499e7766b683073c9139f65d200000003b665051cfa7110c2aa16614137edb6b8f8dc6701d20f58e86be4533558609c2400000004a4c130cbbf38c85e3576d7186e0427ee647ef838813772f32b8804a142f5990875b1f699a26a7bd1246c1598c4aa8170c7668c29ccebee5413a1e3a3848bdfa | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2996 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2996 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2996 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2996 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6abbf79590c9d9ca0156986f942558a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img1.daumcdn.net | udp |
| US | 8.8.8.8:53 | t1.daumcdn.net | udp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| US | 2.17.251.40:443 | t1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| US | 2.17.251.40:443 | t1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| BG | 52.85.5.6:443 | img1.daumcdn.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:34
Reported
2024-06-13 21:36
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6abbf79590c9d9ca0156986f942558a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e77046f8,0x7ff8e7704708,0x7ff8e7704718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,9724314799820740986,16678113731902311267,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,9724314799820740986,16678113731902311267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,9724314799820740986,16678113731902311267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9724314799820740986,16678113731902311267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9724314799820740986,16678113731902311267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,9724314799820740986,16678113731902311267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,9724314799820740986,16678113731902311267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9724314799820740986,16678113731902311267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9724314799820740986,16678113731902311267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9724314799820740986,16678113731902311267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9724314799820740986,16678113731902311267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,9724314799820740986,16678113731902311267,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4356 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | t1.daumcdn.net | udp |
| US | 8.8.8.8:53 | img1.daumcdn.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | m1.daumcdn.net | udp |
| US | 8.8.8.8:53 | comment.daum.net | udp |
Files