Analysis Overview
SHA256
1682faa67b2351f9b5a9da9307762ad30fa2da54530bb4b81c3a48c788960e0b
Threat Level: No (potentially) malicious behavior was detected
The file a6c6d0e99fadb550aab543e457c1f1ef_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 22:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 22:00
Reported
2024-06-13 22:02
Platform
win7-20240611-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0b85b29ddbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5428DFE1-29D0-11EF-9520-E681C831DA43} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000003db7a4700d183d6066d8d4f08158e80458fbd390c90cc4e8f117c269368a7ece000000000e8000000002000020000000ef7d202eb3e897beb564349adb60dbe9f68d241f96c91b4c7a5e6640ab8461af90000000e75d4dbd9b3960c1c621426b5842ecbd30721b4f2f40a0d30994bc2f74ba6108e03b6932743a0df9eff4aa8eec519c2bc11f20c7cb0a77a983424d56efb2e1f2d6162ee9487ab703daedbd0adb0a48b8f1a4ef7133fa0e059c558112ec5537fadf94ffeae323331ffeb924663dc92bc34c7bec6faf2f51387dada55cbd9afa6db2a49de4c84108e0d8bf5157c42275074000000048060aeebf542b1c359ee1f8c511635ea73341d350e5521484d5f18f70c26733a4e312a59dc8b38f2ca95220b425a2954b1ce1ff858b4cffa313e20100223d32 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424477889" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000f20bbf4fb749c5f79c06842aad94f56560a5096a101b953d90ec3f68d5516b4b000000000e800000000200002000000056c8ba5b63dbdfc5583da2377195477b8ce7a1475cbbca9d185a80fc0744631d200000006e3f137a104096d76468814fceae4cb95bcecb123343b482c5018874c92db8064000000073f867abce9ecc314dfc7678364d9531799d6b4a86a61994b9df65bdc4d9a89062d42320531f5c844370462517068c45523cc08b5603a37c1cf98442d8c8a464 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2968 wrote to memory of 2192 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2968 wrote to memory of 2192 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2968 wrote to memory of 2192 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2968 wrote to memory of 2192 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6c6d0e99fadb550aab543e457c1f1ef_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.kaitrubber.com | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 163.181.154.238:80 | js.users.51.la | tcp |
| US | 163.181.154.238:80 | js.users.51.la | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3314.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar33B4.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | baefa72deddfad50e47b9c705264146d |
| SHA1 | ce6fae9c9dec64f43706babf11df7778f0e06128 |
| SHA256 | a1c8d08600818eb8496621e576ebae504423d1a97858cf92fbd4a8346c25b7d5 |
| SHA512 | be3ba1693f70fb61a1375d99dc8fbcda7920c3b3ca18e893b91a49ff7fa669bd25e14b98768467e2632aac9544c2e63cfad85a37d74ba95ed2894e354547d433 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2267d6e26954352597f914b349df83c7 |
| SHA1 | ec206c86a0086dae6568fd415b7aa3fcf8b67193 |
| SHA256 | 533d9a1acb2b34534acb24bffc575fd29ba7ff98f2fbe67c0f31a3d816d9b958 |
| SHA512 | 7aed50758dbd91540402dfea8e78682ea7cce2d3fa7da342cb81b64624d9fe739674aeeb5460a445d0df7e7c006fdeb63d4c70337fe709416370ceeca1371611 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 179b16b4cffeadedc9e327f56010d561 |
| SHA1 | d3eda7ca5f78c47b1265e59de592b1294a24d519 |
| SHA256 | d23219602732c0704bc01630ef6c99c2581e9a2367fd4791f07180759372b0e5 |
| SHA512 | 903c2ef14ef03071a46154da838499844008a7ca0ab624cc4eb0affe22f90f7f03cc6c9ce459771b168ae8524a4054a4e42be57ea2e1d0d43564ecaa33223ece |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3854f4f20a9580ef0ed254fe604809e8 |
| SHA1 | 8611a071c3e6977305a0eb6da7d541549af96b19 |
| SHA256 | 98d9dec2793b79738afe47b81a0621d0b1c2c667a68d3552f32872ab117e7423 |
| SHA512 | dd094794c2a303338f77c1d19c991d6d4ab0a9889ab669bb142d1d35aba3ff8d3ade4f4580748e445103c6ba2e9e0bbf43ab74b8479c1d91c3e58ca13afc687e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15043608da08698f89369bb7c8b2ac10 |
| SHA1 | 6f31d020022ba3865ccc7ee3f86e2dcb1aca870f |
| SHA256 | 7f72077b6cdd03277300da87e21e1536b3041b06206d19b052689179ae164718 |
| SHA512 | 1542824d00f63540e6e5b3cd2442abb2d20d870a8135d78bfeae490a1315c502001b02c81b8c681172cc02a93bb6e2173c999e63cc8dd373db8ff0ec521b4c46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52eb52c80fc1492da2d08cd092ddc4ac |
| SHA1 | 4da327a71288128656d487e0abaa720027dd1ff6 |
| SHA256 | c04300a4521dff6497ab1176be866d7a498bcc5d3fe18168208d8616b31b88d4 |
| SHA512 | 8c634bed29e1984a86e727ca61a59ea8cf6869f2ab4b8dcfbdffeaef0cd168fbca7ee52b98b01e513cd7809227ffa69a27af1dc8f3898aad162fc5219c527ba7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35d2757a1436fefd9d13750caffb8c7c |
| SHA1 | 50dfebaa95cdb249fbb73a359ed5c8d03869c596 |
| SHA256 | dcfd7e5799948e54888c9776208b576d3d1f77c9224e3ba8a874ab42eace4e85 |
| SHA512 | ea64db19cf61ebd27cadfd03e9a7bac4112c4b5fdc0e3a9a6661fb58b626c12362b3d8cbd1b6fd99b0e37a407eaf6ee05453e77e685900e6de8849ea0cfe18e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32d92f1c5e62490bfc6d80495abdfe6f |
| SHA1 | a78aca15dc45f1337793c53a0a7a0380ccf7be8d |
| SHA256 | 5f7e87a37bbed5aaa3eaa9a384dd5a8b0c56961d45e3c192cdbdc22fc958c3c7 |
| SHA512 | 25b93fa9014aa5681725ac8884dc75aa3f36691ed95c1ae1385927301625ae8ba1c8cd5d02c654430cab95682fba8af7d15f8ba10855fb70c7687be13fac3472 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1dbd70bbf4ea1da2f4af504256b04b21 |
| SHA1 | e7a38a1aaa7459afdd11fb765425fa9e3cab9f8e |
| SHA256 | c865dac83a48e78968a92e2f4753651ecd298d1527268192025b1af229f4e554 |
| SHA512 | 363d7ed2d28b699c7c70629691ffcfadebaff67065ef9ed531ad5e216d824bdba031f2b55e13d9aa44f1d21beea84c00902e7f94a05bf4dc75a1fa7959117f5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac8f1bccba8f16260562efaebc73a3d0 |
| SHA1 | e06144f85487dc813c3a89a0e8b4ee6ca61bcd5c |
| SHA256 | c0b455912fa64bf9c291c916c99e70e68408c367b8c430dd776800dc7949a7f6 |
| SHA512 | 1872338c91f34253b8607928e648aef73eda64b365ce9a87a4b686841c672d10dfa871ffc262b6352ef224b0191a723c7f21ccac313c49e50875eab22705cb19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7bce23a72a4786684e150277fe1bf12 |
| SHA1 | c914db329661713f8c4ff16a850d5a10e0044d54 |
| SHA256 | 166a06937801becf369dbd661e14695f37e143ce5b10f6c5d05b2d48a17fe42b |
| SHA512 | 3f304f2343ecb91b73c9800034915fcf5deb214eeeb1c6711eff38d44efe836bce14dfd0fab12b509e80acf8854cba8e9e67bb369471feacbed3fc592d931c56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f69a7b66836ac9bf041a7269a11b5184 |
| SHA1 | be7480989585b2f1770b76fed75721f03a2b22b1 |
| SHA256 | b03e92ecfd799a2a3d7306a1dd49b677565d3037bcf5eff305e6a803818184ad |
| SHA512 | 0b5009a0b0e305c752c15a761d6a2608be4c58c86822c386cb47e0875b1f426e200f6f5d36982b4fdeec3ba5d2069e09d739c88dba6af1ded86916433949738d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f16665eeed1b259417f27f70e0db4cf |
| SHA1 | 28bfeb93c0d9950bdaed1ff7819ab12ea4539496 |
| SHA256 | b6eb1b3b6de335c36047ab0179653dde373e0b069fe6f686258d3387bbe089e9 |
| SHA512 | df18f4f5e2f609735c750827a8b8fcafe77c93b254e5098b89279db36ce7aae9cc8f702cb7038ddb0dcfbad7655227a06c151de0377ab48d039a922f938f1ad3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 820481cc0dd92aaee6c7a38ef91b65e5 |
| SHA1 | f08b6a8cd2618cd0a00ce7e211c0112eeb8dd2f8 |
| SHA256 | bfcb242355341dc65a5a7a4c0f6ccf3b9f2092b057b89d2801a14ce356e3ceae |
| SHA512 | dfb0656a7ec39cdb7c6f709e340be39957a7ada7ebc0de0aa905311585313a25eabcb07e0fd2dd0edc2dfff7188960ec3a172a8148bdbd2be53b14e88b655459 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 978b6adb1a2a89c64489f8e86ccc323f |
| SHA1 | 225e3069bc5616209b379a1fe0eca12fe062cd9a |
| SHA256 | df700eb725703e2148dea20ca2ee8b67910d6d50814b40a6e21fd177f07396d4 |
| SHA512 | 111e5feb7de5319ae605bdd25fec46b5b296c4533815e9e94eb4f619c2bb81fee24d1e401802d1a7408ddcf70af19aab6eecb7eac811ea540e1580e19c5d523c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e39151c321f8c189d60b3171fa2422f4 |
| SHA1 | 3dba2492119df080ee4c6ffe6aed4edd06b4de5d |
| SHA256 | e727903e48a5e4a2b66af831641f77455dd0a4d99a95506137d99dab20e50fe8 |
| SHA512 | 77e87a7a7580ea13a96c103ea15ef5c39bcd02eff967ce75e9483a2ffeb0ff987fe3fab3b1f0561637b3f2b655979b9aff33365158b534bf35b1ca2125189aab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7ff3133b386c14fb15976a2a9839ef1 |
| SHA1 | 781bb9a792e202edd036086564d2aa74922d2173 |
| SHA256 | 426bc953b467fc0ca2f360a0465c911413eba44e4660d36da4530fe5eac91469 |
| SHA512 | 0a61f75fdcc887a3bc7b5a6e798b8443d1d183fd6c693db8b421a823320ec0020c581ee476b2f3882faf2dfe49b87019f5a4a7f0d86fe4a8651818b180e5f4d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bfe0d36d9aac521ec69be2bf8e5e8106 |
| SHA1 | 7d7732d6893411cd6aec4742afec4d5d456c7cde |
| SHA256 | f98cf95177a04b2a762fcff1499734e824e1af62b9cfbaed75d759a76c3fa29d |
| SHA512 | 0a8cb0b55c05c9168915ba12f46bc58a717cfb26ac3649808b054eeb8c71a721f81fe88499be6e22f05bd8c0e831d630e95a08b6110c481e79f4a9b665535878 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 22:00
Reported
2024-06-13 22:02
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
156s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6c6d0e99fadb550aab543e457c1f1ef_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffffe346f8,0x7fffffe34708,0x7fffffe34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11112616798612324997,14317310546503474542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,11112616798612324997,14317310546503474542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,11112616798612324997,14317310546503474542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11112616798612324997,14317310546503474542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11112616798612324997,14317310546503474542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11112616798612324997,14317310546503474542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11112616798612324997,14317310546503474542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11112616798612324997,14317310546503474542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11112616798612324997,14317310546503474542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11112616798612324997,14317310546503474542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11112616798612324997,14317310546503474542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11112616798612324997,14317310546503474542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4380 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | www.kaitrubber.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.kaitrubber.com | udp |
| US | 8.8.8.8:53 | www.kaitrubber.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_3392_QCGCKDUECUBPYFRZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2aceef164116ff13bb8f1771e8775812 |
| SHA1 | 9d315cedec9fefd9bd866c9dd8ef6a8c736cc3a9 |
| SHA256 | 2fad0017e19fbb79e5e42e866c0e7b6facc7bda18b775c97fccf457c6baf1c7d |
| SHA512 | c0a4ac0a72266bc1287c64ce1d69583708f8290390075c70041c6456c3660fa0b8c3fee60482e03d6b99d60f9c6b3800f028f7234cd6b78cb60657f7a42c5a42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7f6a3c89-d386-43d7-8725-3b205002c535.tmp
| MD5 | 82d9ca68c8aecccc3c0ce62f874df726 |
| SHA1 | 4ce542cdfebb714828a58ce2a41e7af37dfb662b |
| SHA256 | 2c91b0fe51beb02fac1a71ee84e8f7d31e4144fed9f7fbd400f7384224373d7f |
| SHA512 | 475ea2a8b4479c8bdfa2391890a943fbd33689cad22810349c29dd5d7dd89198481bc84cb05657604d20e8f0dd69620fb7fe1c6a2e495d2fd0023989061e7cbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21c33fadb8bbc96381ac985fd6108e9d |
| SHA1 | feced75c06931f8c8a1d63b05afda83c4b0d4205 |
| SHA256 | 56fb43e26684918553cbfad5ee061d7467f702304a96f6ff0cf5086b71f0078e |
| SHA512 | fb2a30117d8e9e0f590139e9b99ba44e267427a9837862b4d2c7cc9ede74328a9d38d3293006be0f84d168fe4c08b6941758b1fe930f3fe2ff3fca6c1e494ed2 |