Analysis Overview
SHA256
5ed24c96a9d0117a2ae1a6be866f2ebe21d84b1cff046cbd48daad6851c300f5
Threat Level: No (potentially) malicious behavior was detected
The file a6c479310abf0f39a2f7cc93ed9ac4da_JaffaCakes118 was found to be: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:58
Reported
2024-06-13 22:00
Platform
win7-20240611-en
Max time kernel
119s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000bc31e0d4d80e1e3a9eb1b02cdba9115cbe08d4b377802d8fcaf3f82acb2a1d29000000000e80000000020000200000006a2ed1930ad74e46eddc926c9e0fde0c26d3eda26ecf007851451510153c1040200000003d6b73a4317c076a0b9f2de02d4e6388db475b78da565df56cc3d282de782f8e40000000241f297ec6e50da696ce6f4655476cb88ccf5d117ecca4bf86894f04d7fec602159fe01fd71fa2217a552a98ac743dd80daf86b77bc5daaa596dbf1c56b9ce60 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d019f8dddcbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{09116CC1-29D0-11EF-BA09-6ACBDECABE1A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424477763" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2140 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6c479310abf0f39a2f7cc93ed9ac4da_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | coast2coast-training.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.212.234:443 | ajax.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.212.234:443 | ajax.googleapis.com | tcp |
| US | 3.33.130.190:80 | coast2coast-training.com | tcp |
| US | 3.33.130.190:80 | coast2coast-training.com | tcp |
| US | 3.33.130.190:80 | coast2coast-training.com | tcp |
| US | 3.33.130.190:80 | coast2coast-training.com | tcp |
| US | 3.33.130.190:80 | coast2coast-training.com | tcp |
| US | 3.33.130.190:80 | coast2coast-training.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\thethe-image-slider[1].htm
| MD5 | e60aa64b944e5704c4eec602ad1b906e |
| SHA1 | 2ba2dfabc32771f8eec51ed8a2315929fe5f71ee |
| SHA256 | 5daf2cce73b72cbabdfc00e33e35e84cbb0ff3c18bfeebd38718ae2b282bf8c9 |
| SHA512 | 3cfc2965f26198f919e297b13b626f70f9c434856027ab3f05b6168e858a64d244f3fe4653961ffa5491e099f5298a6e3c21ff8a4537cad1de03fd28f5a5c25c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\scripts[1].htm
| MD5 | cd8afad6db24b97ecff6caefed15e682 |
| SHA1 | 7569fa909c4e389aec896c74d03d65ab532809da |
| SHA256 | 85bb52f2d9c5da871e933535aed3beed9670ec19e94a231b11bbf9f9d23a37d3 |
| SHA512 | d97eb2ca86b82c7650981b9ef9d08a43669dbc52b5d9e6ebe94933827a1d576765fbc3867186a57ca9fd98dbff070aaae1a422438a16e1c41d46d13cb07435f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6979f565e27c58d6000416075cd1a3de |
| SHA1 | 5a9c765838ac7bbcaf412d6fc81a43118d898985 |
| SHA256 | d5be82f57ea19bf2abbc40cdf4390c93b2066bb5b9fb338e185ce9a3a06465cd |
| SHA512 | dda11c60ce13da900c589967a622008d3f3cbc02fa88c4fac5a0b4a0a0ff5fef7afa47a13c9c9bece348d913807b622776a8d637711338221e89c545b4b799c8 |
C:\Users\Admin\AppData\Local\Temp\Cab275F.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar2831.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1930ebab832335a6e19efc033b7c4912 |
| SHA1 | 4332e62c373e76cd2d63fccdbf18766e76ce99ca |
| SHA256 | fecd9ab0a8e0fc380ce4107be618acf371fd25de324347b545762e612d59be05 |
| SHA512 | fa86ca36e904966b62b55fea81824e80e74be48e6901b12ce5fc97e8f3cb9dd2cc90846228b575c362757ce8709542ad3d3127fcdcede231c38525af9dc6c027 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 130926337b210d36e39158e9c92afe19 |
| SHA1 | 3ccb1cc03e35c455464375fd59d180e833d75f66 |
| SHA256 | daf616dacdaf7a0f19e9d90ca666fd5f24de09b876e543e03fdf9a772f9033cb |
| SHA512 | bf5761778822f6ce9c8e5e1e35845c5940873cf923f85f6bb6db4eb6929315150740808f20b5689d07abd2bb445f3749cbf9f18f51c043da1b53f1dc9ba64803 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab83888a0fefdd90223ae7cd576ca7af |
| SHA1 | 32ee45fd147aff6cef92c71bfe010f368505c653 |
| SHA256 | aa5d7ac6c336923d3be9d55a3a4beccbfec70a10f234e7d2e514f7db216850fa |
| SHA512 | 184abe6371950401d5572114379de577912a2a80cc3213117018b8698adc22d31d58030449bfd0d23dea6ff410b2a2b91ba843499a86e1d9860e509c321a4a6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 966e0c381bbc765078967c6d7c0fa035 |
| SHA1 | 85c977350c98c3465d249807ec6cb3bf09c943dc |
| SHA256 | 87f6a9a63f2c6a981f01004beaf085c296994de73d3e2035309eb5c75f2813a0 |
| SHA512 | 60499374c9a7ab7aeade9ee76021a0ec7ddf8205bf0d795a59a467b4a02ac82d226f052614486165aea4076225f4b95d7520e4a7382fa0c6a229b6d190a9ff76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4a4c99799c57ada54880c637114eca8 |
| SHA1 | 3207d78e9e73d69d3e1b10ad3a7e6f11b713fe1b |
| SHA256 | 3fe2dd6a498f3c8b85ea7c2b19da650861adb3925e01175df3bd82470ab62701 |
| SHA512 | 9499a4609c742248fdd229f6174936081dcc9e5cc69c488bd669e80252d76b2202053c815f0025f23db64b4c53b44afc11fd1c609a43a137eb7bfd9cf8d030e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ae27cdcf0e3c2f9b7c2374e356c4684 |
| SHA1 | 78d074ba7d57d8e8605dae608eaf4e6a2680352f |
| SHA256 | 14aa7ea94440d4f675b489629a1212379d498f1909555f1f438999b4bd7018d9 |
| SHA512 | c7401eb81035136d7206e2afaa6cd43db6476f7d07eb4510651b9fe107287891ffe6886d340b884ae1aa96d06e6ed779553c8bcd7c13c5f81e1cc1b062c56a05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06d1896c5d09a0c1a87489bfbb6459f1 |
| SHA1 | 2d4e05f9b5136b333922484a310672560d27e097 |
| SHA256 | 1a151ab9a3866f2c1528fd008cc8b4108dc823e21dcc03ed2e135b1c0406c473 |
| SHA512 | f9232cd1344a94db3f023d3d3a023addd7201e68630b2fc06cf8c2a58f976fa71ddfb8aa19a5ce18ffa25d3edcf8d4169e382a3f026240a951b810fbb18c8b2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 269a67d99cf25bc776ae10a6ef5801e8 |
| SHA1 | 075e237fcddf6ec603b1e1454d28708c285c69b0 |
| SHA256 | 66468978e3bbc35c6c85bf00f4c2f3f1c620804be7514b1d0a275d550423b37d |
| SHA512 | 302a0912bce1477694f63b6a366d01d7a537267947746270f9dbd056bc42b573054cbf6cf34e53a3c2e36298da55664846b6219f48c549be92d9087daea8d8c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93616e190e1ef4389a8b4cb38e4301ee |
| SHA1 | 2723e3d5f318e1acda200d1d8ac6964e78946657 |
| SHA256 | 744a8ca5f2fd167a1fecc29a085d96f7fb542bc3070e70179e44755d49fe9d15 |
| SHA512 | 4a8a035aca6f3e40fe6851dd9e32bbef73b9428628876258fc9667a5965170b97cfec0b2b6511c2f8d194ebd15183861c91fcb5188c32eb616969cbc4888b09f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 963dbd7fa81d527e66d929cc4975e779 |
| SHA1 | 2e8cd6aa20d3dec27f603d51b72bfcdbb0949d90 |
| SHA256 | c10388f4514b89f6f81c685c8399ce8104148ef540186e193c28fe1a8438191e |
| SHA512 | 27724758c368ab1c59ccf58075deb15f64e8a43fd2faf1678149df43164549bb20126359ae83b31453bfc0d05f2256ad6c5959b95356a2ad5bf3865796d3f8f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 126080a227cbb7f9c7b6bc30582ee606 |
| SHA1 | 34e9a9be6f086334e80d914ba0f8261ab13702ed |
| SHA256 | 31f5df5406cb7ab4c4cb2d5f415a4ef272f10a94a01051f9cc2b9cb26a4c35a3 |
| SHA512 | 8d204b8b2d7b41fd62c9ca021c4bca2560544f89a26e138061f57f5ab9f0e86e81a27a7765b6bfc6839de75a1962c248f51c69b55c3be56900a976527f194eba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfa4d947ec270a6d73ebd71ebf726fef |
| SHA1 | b5a06b5a16eccbc74b3a2aaede4c92563bac3c73 |
| SHA256 | 645d001255d78cecca335a486b642a73ef3c4a6a6c1adb5cde54e84c8243e11a |
| SHA512 | 72e4ea2001f3122bf3a5ea7e0313481280638b801482ea385ca44cacf7c4fb218b0fd0206d71d009681a2a87423d55d08e560f070a0c9adac9131cb8b0f3ae36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1448f943952a55675c89d0eddd6badbb |
| SHA1 | 8a51b9782fac6e27bbdc1387f14c00da72562a3f |
| SHA256 | 2644cea111e9f5c89c5d292bd39527bcd95f3f0e772ab6b15a341a28ebe7800d |
| SHA512 | 1296a8916d29f53f6a879a6e7e2843538bd67c91977cc37c745761c7b1069b824abd7d0516e2d3df4952e2455181d859ce9dcfaa8e06748cb15d710ee75b858e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 618b955b485ec1e4752d89500bf82bb0 |
| SHA1 | e2fb2e7a283b275f26d3f0914847c3ea906c9382 |
| SHA256 | fb3d306c0e4f89f006b18e2a2b806c5a3b36822a9a66338dc3c41a2c9b7aaa78 |
| SHA512 | dbbe16f16646e0a2966858b690e5173f5e107146d5228b6d07569759a547c9a3c4499c489b9503f2a9ce488166b7a4fef528f24b71270955663ac24a503d36ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6086ff1f3c445bbb39d4f203610f35b7 |
| SHA1 | 7c25767db8d9c0e63c0022c3ec2cefab39d701b2 |
| SHA256 | 465f0a8b0683cdf49c304645b493f09347ea3fd92a1b5d17464ef7a363b4aa4c |
| SHA512 | e5706a3fdef378171d3801f48896f0bc63802f54c6cb418d1051304b7bb2092f9b0dbbea3fff023a4d166d46c391886e98aac8d8bc342b5c125c174cc439e1c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e045a94df5fca12b8796753adc395e74 |
| SHA1 | d555815161c14feba87cbd69899b413dd231a452 |
| SHA256 | 952d12e39765901cd3896cfd1adc1cb531a402697f3c6052c5262a5313f9a6ba |
| SHA512 | cacb5a08532e5572f8d7cf33b91cb69414f4eee71598a7abcdb3c3987546b8783428dd73b903fc66505a379ce61f166454727be12601b4268cc3e6a09ba2452b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88708ac95c643ebbd921fdd1a4a68e48 |
| SHA1 | 287d4fad2fd9fc480ede921e245f6fbbe058e7db |
| SHA256 | 5caf78bdfb5ff82efb47d17b1fc072fa2e4637d5997d41634ae5d5c8201f5b50 |
| SHA512 | 353f115c1f80184dfc36dd7af1e3bff0580865267c60cd3d0b9b33ef210f521d1007c5d3d8b0c9c2095f8844613e8dc311097dd1573ad1b0f694f39247619885 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6dbbd0d8a624b55162affbdc69596bf |
| SHA1 | 189afab91777f94e37c125d44e0e430610508c46 |
| SHA256 | 8af45f4a97a0a27fd68561629fe7e5371cd9127e06a5327db4b7923184814034 |
| SHA512 | ac809ab874e6556a6f7a1d521c16c84daa6d51c65f86187ff03afab33b9e8c042d0321cd89ebad213be3e8257480a35cc52f2c99596d4db8028dd1abc21c19dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65ab0e6f648cf37caf88d3ea8bdb4675 |
| SHA1 | a3ae778d1860bba0abae91eb799205d0503de17c |
| SHA256 | 87cf9862201b9e529eeb434f09c211615705040708360801d83c7acc018df54e |
| SHA512 | 69ec52e4f92fbaeab8da90efa06c5341c67d381476daef729d04e4becf788076769d72efb0d4dfa97606c844f9e7cc6a58fd98881203ca2a88863b70976bfabd |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:58
Reported
2024-06-13 22:00
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6c479310abf0f39a2f7cc93ed9ac4da_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee01646f8,0x7ffee0164708,0x7ffee0164718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,375111990685102495,12923981661756395116,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,375111990685102495,12923981661756395116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,375111990685102495,12923981661756395116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,375111990685102495,12923981661756395116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,375111990685102495,12923981661756395116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,375111990685102495,12923981661756395116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,375111990685102495,12923981661756395116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,375111990685102495,12923981661756395116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,375111990685102495,12923981661756395116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,375111990685102495,12923981661756395116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,375111990685102495,12923981661756395116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,375111990685102495,12923981661756395116,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | coast2coast-training.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | coast2coast-training.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_3308_TLRGCSKFVYHAQJAQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a7fa8f37d3f231572e73d194071be690 |
| SHA1 | b048ccf8368b8c47035b6b044b1c232ffc58b7bd |
| SHA256 | 26b5859deae4a6c9314814f372b43d46c689f0d5024600f039a8b389dcaa0884 |
| SHA512 | 64304549aac5346e3e1e02ea166c1adb1d5feccd4dcede93c5f31876e801def4d619f50ca89591add2cb7e7ba6828e3555a5bfe099274163bd7d6c6ef1a4dcf8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | df3213a10549b3481a35ec7fe8ac47a7 |
| SHA1 | 2a67c9c0fb5c1f64098a2cac19ce33c5d8b39645 |
| SHA256 | b60dfe5852b2672cee3094b2109454bd3e39c9b56dfbbbb83a4d453230034b9f |
| SHA512 | d2d641b9500ec2d7a0624de33ab458744dde057196cfd77151a3216ec427e9d5e2f2e8f5e37e9c8262b49f4578996225dcd5c83b097a5e2d1609d1e49a1a77b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2004edff0095ab31f12b2d4ea673c16e |
| SHA1 | 27a33f13e2c949730760dd43b4a61598c7454727 |
| SHA256 | fc0941841ef496a1148b1f6177094749664433c090e65571b8fcccd022c3b70c |
| SHA512 | cc2ae26ff5bccdccf8ae81ac410d1204e3735c979e1fdd5dce5e83c8132427980f0ec5a3533760897c55bdb2ca7b9e831e80e2ef41b27b33eca129a004fc5448 |
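Two of the findings above are the kind a reviewer verifies by hand before accepting the "no malicious behavior" verdict: the behavioral1 "Suspicious use of WriteProcessMemory" rows (PID 2140 writing into PID 2896, where the target's command line carries SCODEF:2140, i.e. IE's frame process initialising its own tab process), and the behavioral2 crashpad named pipe whose four listed hashes are the digests of empty input. The script below is an added example written for this page, not the sandbox's own tooling. It parses the rows as they are printed here; the PIDs 2140 and 2896, the process command lines and the pipe hashes are copied from the report, while the second WriteProcessMemory row (PID 4242 into notepad.exe) and the BROWSER_IMAGES allow-list are constructed assumptions used to show the negative case.

```python
"""Triage helpers for the signature, process and file tables of a sandbox report.

Added example for this page; not part of the report or of any sandbox vendor's code.
"""
import hashlib
import re
from dataclasses import dataclass

# Process tree of the win7 run, transcribed from the report: (image path, command line).
# The tree prints no PIDs; the only PID visible on the page is the SCODEF token.
PROCESSES = [
    (r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" '
     r"C:\Users\Admin\AppData\Local\Temp\a6c479310abf0f39a2f7cc93ed9ac4da_JaffaCakes118.html"),
    (r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2'),
]

# "Suspicious use of WriteProcessMemory" rows, pipe-delimited exactly as printed.
# Row 1 is from the report; row 2 is a CONSTRUCTED counter-example (PID 4242 is made up).
WPM_ROWS = [
    r"| PID 2140 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |",
    r"| PID 2140 wrote to memory of 4242 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\System32\notepad.exe |",
]

# Assumption of this example: images that legitimately write into their own child processes.
BROWSER_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

# Hashes listed for \??\pipe\LOCAL\crashpad_3308_TLRGCSKFVYHAQJAQ in the win10 run.
PIPE_HASHES = {
    "md5": "d41d8cd98f00b204e9800998ecf8427e",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
              "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
}

_WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


@dataclass
class WpmEvent:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_wpm_row(row: str) -> WpmEvent:
    """Split one '| Description | Indicator | Process | Target |' row into an event."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    desc, _indicator, src, dst = cells
    m = _WPM_RE.search(desc)
    if m is None:
        raise ValueError(f"unrecognised description: {desc!r}")
    return WpmEvent(int(m.group(1)), int(m.group(2)), src, dst)


def classify_wpm(ev: WpmEvent, processes) -> str:
    """Return 'expected-browser-child' or 'cross-process-write'.

    IE launches its tab/content process with SCODEF:<frame pid>.  A write from
    that frame PID into a browser image whose command line carries the matching
    token is the frame initialising its own child, not injection into a foreign
    binary.  Anything else is reported for manual review.
    """
    both_browser = (ev.src_image.lower() in BROWSER_IMAGES
                    and ev.dst_image.lower() in BROWSER_IMAGES)
    token = f"SCODEF:{ev.src_pid}"
    linked = any(image.lower() == ev.dst_image.lower() and token in cmdline
                 for image, cmdline in processes)
    return "expected-browser-child" if both_browser and linked else "cross-process-write"


def triage_wpm(rows, processes):
    """Classify every WriteProcessMemory row; returns [(target pid, verdict), ...]."""
    return [(ev.dst_pid, classify_wpm(ev, processes)) for ev in map(parse_wpm_row, rows)]


def is_empty_artifact(hashes: dict) -> bool:
    """True when every listed digest equals that algorithm's digest of zero bytes,
    i.e. the artefact was recorded but contributed no content to the run."""
    return all(hashlib.new(alg, b"").hexdigest() == h.lower() for alg, h in hashes.items())


if __name__ == "__main__":
    for pid, verdict in triage_wpm(WPM_ROWS, PROCESSES):
        print(f"target PID {pid}: {verdict}")
    print("crashpad pipe is empty:", is_empty_artifact(PIPE_HASHES))
```

The SCODEF link is the only parent/child evidence the report prints, so the check keys on it rather than on image names alone; a write from iexplore.exe into an IEXPLORE.EXE that lacks the matching token would still be reported. The hash check is deliberately generic: any file entry whose digests all match the empty-input digests can be set aside the same way.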