Analysis Overview
SHA256
308f240c3b97557ea4332326e34e1af3476f78f43c66ee41bdeb5d92b89a369e
Threat Level: No (potentially) malicious behavior was detected
The file a34fa14508d03b76c323299dee424884_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:12
Reported
2024-06-13 01:15
Platform
win7-20240220-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017977dd6d6ae324ca5c70a153caafbfc000000000200000000001066000000010000200000009f5044a14bee2a09a51f824c9bf0cc3fd601153777960d8087d396f1a4dd6a14000000000e80000000020000200000000399f89d43bb144dbfe6a0fe231419b97b5959fec0dada9975086f0856400c7a20000000f641d28433ca12ded92e51821b20e81e51a5be120b83adaf6aabb550a2bed4d740000000ea94e0ea242aa84e011d3c860bbe7267cd713a87541b03685fc526079efc187ac384104c2db828f8c93f13d6ccc1c67b68f7235546966ef4f1ad47495d6d6a77 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not shown] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3020d9d62ebdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{01898F91-2922-11EF-A296-4A24C526E2E4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403017" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2784 wrote to memory of 1984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2784 wrote to memory of 1984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2784 wrote to memory of 1984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2784 wrote to memory of 1984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a34fa14508d03b76c323299dee424884_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | phone.sogouspider.com | udp |
| HK | 103.120.80.155:80 | phone.sogouspider.com | tcp |
| HK | 103.120.80.155:80 | phone.sogouspider.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3277.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar3379.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:12
Reported
2024-06-13 01:15
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a34fa14508d03b76c323299dee424884_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff089646f8,0x7fff08964708,0x7fff08964718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12028055856964676635,17065692759952548298,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,12028055856964676635,17065692759952548298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,12028055856964676635,17065692759952548298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12028055856964676635,17065692759952548298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12028055856964676635,17065692759952548298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12028055856964676635,17065692759952548298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12028055856964676635,17065692759952548298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12028055856964676635,17065692759952548298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12028055856964676635,17065692759952548298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12028055856964676635,17065692759952548298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12028055856964676635,17065692759952548298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12028055856964676635,17065692759952548298,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | phone.sogouspider.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2012_IJDJYBSPKLAZZCHC
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences