Analysis Overview
SHA256
4f2b8d8b671221294d724c9172bc216b8e0d6f44c0aa2b3c63b1f19dc23bab60
Threat Level: No (potentially) malicious behavior was detected
The file a6c3994a72927f5a1ce33ae415fa3f65_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:57
Reported
2024-06-13 21:59
Platform
win7-20240221-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000083d4f74db6a7064c917d107b5826538300000000020000000000106600000001000020000000ef455ada3ca7b6d6dffcafd878642d9799f05fb508cf4c883c8ea1318d931b2b000000000e8000000002000020000000282dbd5026817ebdba553204eb42f426bb7aee25aea0c9b21cfc611a50f19d972000000027447e8edff82f4c5ca17066ecf49709fd7d2cc3873ffa27a40ff583a5098827400000000277589d6d0d85411856f7f2db0de3a98af4c490014a0ed7a1553147910c1f7b04df37260d88d69963503f4af09553bd7df0242161e7d5fc2f6f4fbb8aac8442 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8402E01-29CF-11EF-A293-4AADDC6219DF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000083d4f74db6a7064c917d107b5826538300000000020000000000106600000001000020000000f3ad42d068bfeb66aca472e54a234312e17f1c201d108f6f3e3eb7837054a84e000000000e80000000020000200000004f215e2d621e806432234993a868aba86d2eeb9aabca793360d1bb504c8ad83090000000ee9352f5bfffc3c7c5c74359d6296c189469204263ab4050292de181d2b5e58435b4dec0cdb2e1da724f8d8c2def56bcbacb6a0d790306689a717c06c96894a08749f3b601d78a10c8dd38706b863817c229751f4229d368193130a4359583b78212b70d4176d5d04e835734e05f0c0578b42b3acf5775135ecfffbffe33298ed17adcb5ba50685a915ac031ac46b89b40000000d575692091dde90814057a2abc9868ebb0466024529b40fbbe43adf9ba86159fa8681ee3c7531dae81051ff8d12add3e449acb4440df866a29cb4288d32ab2e8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8083fabcdcbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424477708" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2172 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6c3994a72927f5a1ce33ae415fa3f65_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | theh2oproject.org | udp |
| US | 15.197.142.173:80 | theh2oproject.org | tcp |
| US | 15.197.142.173:80 | theh2oproject.org | tcp |
| US | 15.197.142.173:80 | theh2oproject.org | tcp |
| US | 15.197.142.173:80 | theh2oproject.org | tcp |
| US | 15.197.142.173:80 | theh2oproject.org | tcp |
| US | 15.197.142.173:80 | theh2oproject.org | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2C51.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2D71.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14ddae1b8e84a5bdd697f486044c715e |
| SHA1 | fc154fe36564933462d23d9e9cdfcee8de432064 |
| SHA256 | 98bbeb7a4b93b71edc21fa4fe24eb2001a8d706b46b9d3eb267ccdbd486b4873 |
| SHA512 | 76791a7abfe62090fdb48d5eb10a3ccbdb1ee2237d017c3a200c4848f520d5d27b7ac63c470eb3eacc114e58b3dfd75ee2e3badb032b2600474b5e11ee70d3d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d168fd769659fc2f7c51a4b2913f3602 |
| SHA1 | 8e7a0e31e7e30037ab68b6deef85ffa943b37b3e |
| SHA256 | 1f09545bc30d46726d59bcb9f0314615ba7c2666a3e7dbde71d48d2c44b19daf |
| SHA512 | e54611eb71012c7fa9cb0171ec693ace86be0ad0723bdb39aad4cbfd88b57727538a78bd4e0e99f25628ab586517d2369b30bd642f9faf7e5c5151d23c530542 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3487469e9c7850f221f79d8040069126 |
| SHA1 | 9f42ffcb128ca7c53a96aed2ae7dad60bb82c940 |
| SHA256 | 7d22ccded18a4e04d26f28082afa1b3a2ba723ca11438fb679a2c0da37f206df |
| SHA512 | ecaea1d3e46bfb720ab0fa8ce7fa1f96624693fb61e420ea9eb08a49b1b36918dfd2d2144700660b9f12d8688b3f5cb98958a2dfe961e0f6c3e857ba0a354aa9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d20cb4dbacb4a3861a8a8bfbb28e2ec |
| SHA1 | 564791b632879d6e928e74d92d51f0ae6fd96bb7 |
| SHA256 | b75ee8be7de79c024303373495ad8ad2d702c6d49939f4bd04aafc763f9c7288 |
| SHA512 | 0dd96102605a2dc53ca5c8542e6ecd4b77fd331edbcc7ead395c6d48835683521e93b101d18cbe8ba976c78d18c5b18ba2accfe0f83d1208bc3f329e93744913 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6341d1e4c41e0e343f092618280fb76 |
| SHA1 | dd87af4cdbd75cc54fcf17f1de496bfa3f4f96bd |
| SHA256 | 8179bdd252d6384db5b86ecd3e12a27afda009db2c0f7ea0992ce2167bbb650f |
| SHA512 | cea385ce63a78c2fc9268ea92aa59f1c222f0fd9e1dbfd7f8c26b065fd9aa190c5dac53672a754001c86b03822597a3b4a87455a55f4df3aadb7cb054fbf7bb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b097f2356710af378aee3e0b903c194f |
| SHA1 | c42d1c27339d2d010adf0be8af3e2975be1e833f |
| SHA256 | 715663e06ce824453fa1aaf473c0e6c6745796c0aa5cf6802742b93180783557 |
| SHA512 | db30e97238af797708d1ee278f8a7f454f957a98a9b560f754534ba2701ae68349c62ac372c17d395735eb15b12453564f76aa392caa6a8c3b3ecfcfdcd3f16e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 986629b02540e9e6397ea57fca32eb89 |
| SHA1 | a1d39d655a5d850e191e04db025a2e7c209e6d4d |
| SHA256 | f95152c966f0d4ce60ff548a4fe30eafe65c870a58f74d75a745b0bf4096ad2e |
| SHA512 | 23228b22f7952358783929fdb007f63121411ed7f0e65dcfb1c669bfc4eb4a41c60bbaf78d4655817dd16e674132b82578ba14426050399d7a01d67d5104607c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 558f1f3811ef42efa415227e6d5c3e23 |
| SHA1 | 27bcdc284ba78c3081b4e1dc4b10fa40b27963c6 |
| SHA256 | 56e1db85a154e466045c07ac1e02b27e8de33c8ce073ae5917a01bd3a3c54dd3 |
| SHA512 | a28c6c0073a40b9f872254914c9c7b10a66cbc062de14a46bd5887c0ded49f70c6a89f42591bddb752f4803a717822826b87ced55ece570b659a0c983a0a1c99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e8ba86668fdd7d8d626c5f2b6428546 |
| SHA1 | 0d2ca75870da049a4c5f7558a4e52315c7079aaf |
| SHA256 | 73bcf8371672611a6cbd24453646439d5f97fe4d275fdbe64692a16ac02fc883 |
| SHA512 | 2f506af2d170e6324c3950b2eba224b31341da8e8e1ee140e212e4ad0ff19ba356e419eecd2cc0d6f4374ad493bd5313624aba17084bdec5f839b2acee35ce61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78fe08d47f528317d2d0d32d3a86d2d0 |
| SHA1 | 71ea53f3c3d177d711878c57289309cff685a20a |
| SHA256 | 760f70014e85f5405acdefb9fc609b0d31e1c02f9b5f64c1671af3b13374bab6 |
| SHA512 | 7bacbc93859f8fb70b66f2839de8926f9f963798d8df809b951f65a31bf893f73eda40d559f0310c28824a483175e824f2a5260b7bb7851b2fd955a062575159 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae4a95b3641c3e0b3786ae4f255f4b18 |
| SHA1 | 9577f28c4fb632a43ba1965e9817d979a55dac42 |
| SHA256 | 2e1074a7bf667ab2cf88190f0718038e03d16df2e2d67c0a8c095cc9e9446788 |
| SHA512 | f6add96d3f37625e935f506b7723f3ceba0e84c356f0bb30ea0d968f51e5f452b6225803bcb43d68c3b7a69904d40c7c6ee5c307212bc53268968b1723313ad7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2515f20205c23e6fb5769d440e74203c |
| SHA1 | 24a9dddf52eca3174644a2abe4e58a1b7eb5199f |
| SHA256 | a34e20b2c544bbf30b691aabced52c95676eacad2874acc3d2d0388c647b1608 |
| SHA512 | 582689ffe1b299347ca207f0cf7e6a3f77c285ba069184521d5eb4ad6809316c3b3663ca31c467d34cf752e97b97f34acae21c54b128aa34d4b79ef691cc197c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7616f844375e3c38b703f9677abfb19f |
| SHA1 | 4add1c3b4f8c0a86ef8c4734ca6ea2487ce4812b |
| SHA256 | fa3496a7b8f323932759d7dac3542ee4585d5d54ad71dfbf3fecbafa5fadf9e0 |
| SHA512 | 9ea6eea45882c495f32769910cd7f8a737a536c48160bf71d023b66a165d581aa01338c39ed654b49508b6e577aec9f61d07f62e856904397aced2151d70e9f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c58715d74aad830e957699e2aac6b79 |
| SHA1 | 1baa0920f6e38b2f7a8a1d1d8df2688f4c311b37 |
| SHA256 | 8a2ae070f05259c2c0f11f0063b6c383ac79fdccc7187815cc9c274336bfbbfd |
| SHA512 | 983e3cf6f227b4e7d6d5d5e365808678bf2ed78230c161f3217b1fde387f5604ddb15684ae6100ee53fb419f215b91ef6bdce26349ae4eb87f15f7787462ad42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 593eab10d1a24eda9fe1333ff37c1fcc |
| SHA1 | 89ec29c73ff8f428556cf18dd105d40571eb0c7c |
| SHA256 | d3763b86ea13ef2940d746f049488b516c973b194c983d1d2515063e52d0a4f9 |
| SHA512 | 5d20085832402ddb445a0b9c132c569868fa5f9531606de078615f69e9b234a8886a62e4d5df689e8a11d4446525f351a00e20e805a2c4dab4e3f77df67c06db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c335e478cf41f47677b2d323ce2ad6da |
| SHA1 | 695b417c5e706b7eba750f330a7a457e7202f7e8 |
| SHA256 | 7321915dc793617f269bf0c45c4bb6eac6fd7e8c1cd13d059a354aac61d7a881 |
| SHA512 | d2ef3df6f5306896e42ea923007656efcea6108323e51db0590f1e6705588d315bb2451e22f856dc73c02c27df837b6b20772542fa001a0f523b02cf683ef54b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10be1142f990575e2c618832f455428e |
| SHA1 | 870ac041ac548454f5bf8b71547066cca6c13f0b |
| SHA256 | e9105e6436151b4247a4007f8ade048b15527e9604ee17fe02fd5b226cac9775 |
| SHA512 | 4ea862f7f58df605d6f2a65543e63a79b122d4eeca835b8a16d4ddc58fe667f2573274695809738c8fd4748f540e063a93b16b3d05520ade4a7c3d0fa98bf87a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c14a2e4a2726281c7b6a41b72cc06cd |
| SHA1 | bea22ee6fbe082455a87674d3de57cd8d50f0f2c |
| SHA256 | 7678ac1929643386a3e596ceb54fa43b730e3cac644fa24ecbf86e56e714551a |
| SHA512 | 8e59c63a8e27afd180f040985574bca6ef8067c9e492997d80fd081579d4fc34799d0638676ed9ff38a39615ded69cac6de14cefccda075e4c2c67e0d8483563 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be3f924d405a7c42127735918892def3 |
| SHA1 | 075b005403920c4fe9ad69e09b3a6b82b960c160 |
| SHA256 | 6334da0be4a3b1ef507c51ab95cf75e43c2dfcd7e60901958f521a442de1e556 |
| SHA512 | 14fd48e421e44a20bb6e502067541696348ead3947bd11d743d630ce3f4f278b2f963bb2f498394af1a69009857cb25774f3a918a4f5f3bb1873a5ed73059ba9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:57
Reported
2024-06-13 21:59
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6c3994a72927f5a1ce33ae415fa3f65_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4fd346f8,0x7ffe4fd34708,0x7ffe4fd34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1973483494196532529,2779063470942391787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,1973483494196532529,2779063470942391787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,1973483494196532529,2779063470942391787,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1973483494196532529,2779063470942391787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1973483494196532529,2779063470942391787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1973483494196532529,2779063470942391787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1973483494196532529,2779063470942391787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1973483494196532529,2779063470942391787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1973483494196532529,2779063470942391787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1973483494196532529,2779063470942391787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1973483494196532529,2779063470942391787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1973483494196532529,2779063470942391787,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | theh2oproject.org | udp |
| US | 15.197.142.173:80 | theh2oproject.org | tcp |
| US | 15.197.142.173:80 | theh2oproject.org | tcp |
| US | 15.197.142.173:80 | theh2oproject.org | tcp |
| US | 15.197.142.173:80 | theh2oproject.org | tcp |
| US | 15.197.142.173:80 | theh2oproject.org | tcp |
| US | 15.197.142.173:80 | theh2oproject.org | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 173.142.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.251.17.2.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_5640_AGXECJVNNFKZZDDB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d70d4256a248c1de5b91538abdadc95f |
| SHA1 | 87d40f6c5e6f73de2fc386a5b10e1bd3e9ca8f19 |
| SHA256 | 405c14963a45186b99f7d847b6e711617dc4351db18c91a602448ab0a30f4aa1 |
| SHA512 | 0b70bb6bf7e092645b4f7eb64df72d6ae4c67e6dd606355a82e5070354c11bb3124b968aa6d9eec3b0026c79df106f7179c9458ac3982edb8ebe8347114032f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6299b9a6c667425bbcd472f1252238ad |
| SHA1 | 5bed0da1ade62046f0f5c8d7d01226c99c1bd282 |
| SHA256 | dfb02971fcdbf9212375254205d93157f01b5b0473e718dfb786791b7c06da3c |
| SHA512 | ca5859302cb405628827e0d99cf7fee53f7bda6cd16dea4329dd7ae97e21343080238164ec7a0eddab66070d50c7cfeedb1fbfa8e1713a12d50dfd013991343a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6ecabc1251b075c2baf749a5246c3842 |
| SHA1 | 885a52ae00e423a97973d4777b262a0544722971 |
| SHA256 | f68c9425510e9109da3fe3d7ca39b88b721ce9556848f8393848a9a1b96c2b31 |
| SHA512 | 4e17ea198e5dcd96be3859c6628171028ad6934aafe467b5ed8742daa317bd6d72c56296b385593fc22fd9532d6cdf4f289b5e736d29260e464a42e2a03ff332 |