Analysis Overview
SHA256
7e217a10d26a23b22057a06db117da5ba88236b9745fb6a21240eb542ddc0044
Threat Level: No (potentially) malicious behavior was detected
The file a351db75d4e436104729b46f5701fb17_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer Phishing Filter
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:15
Reported
2024-06-13 01:17
Platform
win7-20240611-en
Max time kernel
119s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 40544d282fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403180" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{61CCE6E1-2922-11EF-B3FC-D2ACEE0A983D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b052fa392fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000c44003f7b3841fb8e8aa0c0d5283cb0dc0762a9b6b7e2e9479f021e8ea8ab01e000000000e80000000020000200000008006cf31089dd445160a8965818ec41f13ba36c9d715448549302442d8c951f69000000064d12e502ec0e66ea90bd4164bbf73eba493b496d4cd6e5611afaa5925746c42821efe79653038f167489772409447a13c190ac29755cafe791de0bf34b5317811e0d0fb384c58a08c8ee376a8e7403e8dc16f6462eed1836bc98457f018ac220775b222fda8a8d268e9d1a16100d64f335a37a2099b1078f7aa703e5d7798c70ca80364967e13cdc29359fb7754d87d40000000eb188c87a3b702d4c8633233f20ff85da34ef1f6e4ff66677b37ef9c869e4f4ceb8d0ed05ef64ba752c9ddd9c9aa8e0508de76f491b0b685d602896197ad16d1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000d837a2ea575f975103c63c3d8787c27f3f8e6580db194d6d8e8cb8fd846f28bf000000000e8000000002000020000000eecae79ace64a7756ff59492ef0ccd03f2d2f4a390bcd50324e8527f781c684120000000757a060312690674465d94b2aa7f94b61adef8bea4f3932de2dc1fe280565694400000009ef48dbae65959a8dfde5fb03b436ed7ebfd77e88ec39fbae705812d314395366cbdba52e94800b40d252f077cbb6d0513762572fe9da80edc3926117a6294ca | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2996 wrote to memory of 2548 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2996 wrote to memory of 2548 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2996 wrote to memory of 2548 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2996 wrote to memory of 2548 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a351db75d4e436104729b46f5701fb17_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| FR | 18.164.52.69:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.69:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.69:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.69:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.69:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.69:80 | static.mackeeper.com | tcp |
| US | 8.8.8.8:53 | mackeeperapp.mackeeper.com | udp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| FR | 52.222.193.204:80 | ocsp.r2m03.amazontrust.com | tcp |
| FR | 52.222.193.204:80 | ocsp.r2m03.amazontrust.com | tcp |
| FR | 52.222.193.204:80 | ocsp.r2m03.amazontrust.com | tcp |
| FR | 52.222.193.204:80 | ocsp.r2m03.amazontrust.com | tcp |
| FR | 52.222.193.204:80 | ocsp.r2m03.amazontrust.com | tcp |
| FR | 52.222.193.204:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | assets.kromtech.net | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | event.mackeeper.com | udp |
| US | 3.165.113.43:443 | event.mackeeper.com | tcp |
| US | 3.165.113.43:443 | event.mackeeper.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\jquery.min[1].htm
| MD5 | 4aa7a432bb447f094408f1bd6229c605 |
| SHA1 | 1965c4952cc8c082a6307ed67061a57aab6632fa |
| SHA256 | 34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a |
| SHA512 | 497ba6d8ec6bf2267fe6133a432f0e9ab12b982c06bb23e3de6e5a94d036509d2556ba822e3989d8cd7e240d9bae8096fc5be8a948e3e29fe29cab1fea1fe31c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\Local\Temp\Cab63E9.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar63E8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7cb671e49343d3dd5da59a166e2f5fcd |
| SHA1 | 852a05237764805b17d1e07c3b449619b85e4993 |
| SHA256 | e07588de9aa8a28016b5a3a99d4954e75d61fe1c7523453a3b81c77ed43d7640 |
| SHA512 | 80ee516fbf059aa0de1ce5fc70a35296db6d3675e10c78a9c660a462e7b72590122579c15b392f25738711973276642af070992c83aa84e72511c24de4c764b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a649fe05cd149644240d4a6f9826114 |
| SHA1 | 2e1ae8275c10cd454dc5620dbb14dc64457a04bd |
| SHA256 | a952197360a1337f06871af7f54300e89a472a879334ad0f164104f20853547f |
| SHA512 | c50451bbccdb280db40e3599412e53683cb18e6b54145888ac1ec81b4a6c673698d5d908194ea36a251991f6a95bd042b54fd35f17a624c505f1b54a174b95db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51d162bda70875890dea60a7d5d65fee |
| SHA1 | e793b18cabdc100efd18d354b0deb99d9eff441d |
| SHA256 | 8c7ce9f151e8bba2a664ba10bc685eff17e1ab418a409ef30ce267387abc69b0 |
| SHA512 | 848846c32bb7957c186d02a7c229ae1857185242895978f4ffe54ac8b4b13b81e5a681f4ddd26960b71991f39c5739288ac01db7c2fd729db2426fe68163872c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 0603615016787be585fddc8f38d92c8b |
| SHA1 | ebee3317610fe40955af739aeeaad4699c4adca1 |
| SHA256 | c00ad16c93884529d1c99b75731b46dfb438f6c024ffb247628c5fa3240cf395 |
| SHA512 | 2cc63231f6b866ad902172057d01c13b43ca37331dd7bc62096ae4a478123e5e60723c055279e2f6223c84eb50b1b1012eca99f33b1fca3a0ca292b60afa97f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ebdf71263faae5547b342589f91bcaa |
| SHA1 | 74a12f5ac3ac80fb19a5d6c2a12952a1ae3b4858 |
| SHA256 | d2c43085068b5c262b088f3af82d453e49c49b377e94b55cae92f8718d92534b |
| SHA512 | 4dbf45cb2c1220db411c741c5fd6b291fdbef5655277dcb19e3dfa555435b37cf4c9d5ae021c8fc85acb76f3879ff843cc525b2cdb344c15da11124d0e464885 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7df3c89defbe0cc647185e1b1afb5e50 |
| SHA1 | 5db8973d737a5c3bb414414dd116aca9cdfc641b |
| SHA256 | df95207c71d266afd9f2f42dd55e1f10e256d8e93ff5749b7ffd8e5c4f50141c |
| SHA512 | 870bcf211a140dd4c6589004f26939b4dbaac1117310f7c24b9774f88050e80981687f0e9212fc3a22fd41f26f3eb512a777dab3dec35a342dccfd9d1bdc4a1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7e19c47a02461cfeb4382f06a022a90 |
| SHA1 | 2431cccbe05871c1fbd6e3ce217c763a3f36f132 |
| SHA256 | 486319f0c998b4707c7d20f3d10a85ce27acb92a7270e0cece08067d17fdb53f |
| SHA512 | bc532e060a6cbc601061917788b490475b8732b584b7a5c9f990a2552b183ee05f6d846799faa597468afaa57b9079ace739db391e0d0b7579e334bbcc10a2a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d39f236e9a96a9e870e50dcb31e805e |
| SHA1 | d4f052637a455cfcf53c732d8e04f36f6f0c8e96 |
| SHA256 | 02aba0ad8453a64ff59f352ffff509b8395bfb0d6f8fae96d92d0889180c5e65 |
| SHA512 | bd8ad9892101c9ea260608291931f6086bc6eaa46470be9f85c4862ee6742a64a20590fcaae39ef9bf26abcab88e4146293c21688640adc5a99411e64e43cfd0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e26db2667bbdbcb6c723746a3abca226 |
| SHA1 | 7b36d74bf79a5edfc566a1c16741554ea4619140 |
| SHA256 | d848f3473c299e32c8e4040b20ca4b39389238d0410c0736389aefac2a5c7dba |
| SHA512 | b17eda78afd104426a8423673e6cc39468a641a6e307edefb155e0f0607cdb1c12df05c73dd8d6cc795d59e7c4444fa6a096343cac322df2027725d81e2f23c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3a5996d0ef0b6f57f4522af7da9481b |
| SHA1 | f8a9b8a58ef18ca68728f4709ac2df2d7e61be25 |
| SHA256 | 1d174b5483b8d15853af9f0eeadc47531b4fa2aac1aaedc6167ea36394f9ed6f |
| SHA512 | 0d694e77aa0510e4d12dc05a1ec8e6e72272ac783b54251e911724be83129db460ebee76aa4e02e3c47a71e6bb7d32effed9a2d49306cbe599e78d4a9741d67d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | e284ff4212d60207db022f3ae5e67766 |
| SHA1 | 534f8849b8411561c8c530d2372220debbb116f3 |
| SHA256 | 631602fefd735a972c7eeee87c6e06bd7e7052faf714046f75b22e62750c09f7 |
| SHA512 | 63d49fcef30ae2ab1091d59faa297d57d1e7a6f2aa31f20bb4bcc34e3cfaa7bf1e0e25cd09db0cbfabcc65ea3bc1657dbea627bbb30f0d200864660413fedbe4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | d83d6487dcad0b0879703505cc5b57f1 |
| SHA1 | 6fb675be1ea7a9300d6c5f02b0153aa50448c310 |
| SHA256 | ab88dbd445477b770e6f12485bdfd1afea682157a83ae7b8204d9dbb6f571dfd |
| SHA512 | f61e57927f5024efb5d529f8fe8897596f408e3bb65e70222acee717b7bbaca7e8367e5842407f8b158bd7dff8483e66da5b76b5a47690307edc6bb91abaf52b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 0a73236ee00204e59e1fda9bf3d55580 |
| SHA1 | 562afa32f14c1d434bd59835845b1c2fdb9860a1 |
| SHA256 | e5909b1dcbe5827a055706d28e8f6695913e504015b6b409049f182e0551a13c |
| SHA512 | 9ed14847ab77ef73adcffd3284e704d8346d73d12f567b3a372ad23496ce68b90407266806c09f15c9d65b28f66f77110d37938d0352120c9919e036c2baaae9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 0c3e59c96836b5ff39711c3af100898d |
| SHA1 | 6686d18b5aedefa9c5a7f0e6de48e7808d80dee9 |
| SHA256 | 58e93c11de5130ac47d05ed1fd907fbd74fab0ba9e56b2f479c803d04de65c32 |
| SHA512 | 80ebe14c011f60aa780a70e3b174f011ba81ed09b5658e1884971070c7e5ba7ec63bd50ac90d0c78b9d2e6ac00400b36760639928004d5dfd26ef54249bf84a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 947069d4bee30adcdd717d95885eaef5 |
| SHA1 | 5db89b084be16a1547842d578b6e5f008353956b |
| SHA256 | 326b7cadfab8d174142c964f0ee4a0104082b4c1123299fbc3d88c250b814cdc |
| SHA512 | 2cf1afdfa0b8758219aa5b349078ede6fa92724ed0337d78fc247e11c32f65a1276b289848bae662bc38a5f9138a445cce112d126e3cbfed4b2de066ff7ca0c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | b5a90e7cd6cde48f789e373299f507fa |
| SHA1 | 7a362c26f72d08e1172545064f896de933aa24b4 |
| SHA256 | 39a9e515cc00454a31b8af44f083cdf37cf46fdd2a3b17231338d9d0ba1397a5 |
| SHA512 | 3f7f13fa5557afbcb6c190eba700d8951e4db29d59740e66bcf64b9c5b485047dd164ef9ee9ae8ec714382c978405ea5dcf276a2ff9e4e3b8e18cb3dcc6e518c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D
| MD5 | 9c1e47a00ac9a956fd621eb29fb02968 |
| SHA1 | 2b59fce99adc924f1a75ffb858dbe2811bdb8032 |
| SHA256 | a2d98cfdb5f4ec7705050a81bfd9794ef9579233563589ffff08f081e77ebfbd |
| SHA512 | ce44eebc2441ba6dcb08e7fd06605afdb11cf79e65fe5a2ae9f339632fd0cca1d2a0948104c684ba885e6fc1cddcff160a4330e6a180fea75524d4907a94bf7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D
| MD5 | 760cd3d40f345d36f7facbc6511b5e86 |
| SHA1 | efaba60746570e85a5ecff762bb519311fba7150 |
| SHA256 | 339d35e67eab6e527b6865c2e7d176e766d675f5b7695f38bfd059932bcdd359 |
| SHA512 | 775b32119732090b6b3b8145f0b8ddd60631edd0ecb249b8503c71299338d8f88ec1467e939d71c3bc1eeb1567342212b0ce42f2ffe207fcce36180f999369af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a821830205b4a08ad14573ff9ba9bf89 |
| SHA1 | ff89d4bc380a35090ae00baed9fd6b4007d15d5a |
| SHA256 | b83b677495a0b6cb62ed4e0f3083686541d3ad2ab07505c6710a3d99c80e6ef5 |
| SHA512 | 7d326be702c1c60b81ef0b4b6fb5f1056b8146589207ee3d0a0fa68149f71086b31c9cbdfd2b93fc68343b20641612878a45ea6259e81b290ac302b88c4be36f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4915ffe4439c7a0f5c6dd48d624c797e |
| SHA1 | 21f11d813292f2077c424369b280438bf80d12a8 |
| SHA256 | d65961ca66fa259cb8d8a4d7bc1df818fdd771085764a3c1cf9ff74abb91c66a |
| SHA512 | e25a4dc0fbf6d207c111a90ad978698e8129b1b0e321da1cbaf8df4ee3689ad646f107e54d28ba06d9831a50a429b044c0f30b5cb3964c11d60680993e0fbb55 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5485e93b5bf92609db4fa80e8b84545 |
| SHA1 | 52414ca96d72cc69267efb27827ea4045ab13f25 |
| SHA256 | b885ca8db19d2a166f0e05c38ecd35b91513b2f3c3f538f4d4620eee3f1ea3fe |
| SHA512 | 84358b5865131d4ac25b49964391426bc64d6481e26f83f866d3444296a8340ae4753390882b3b2e312e2648065fb513b5e04c6fa756fe53b8dd055d4abbcef1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04998d05cc358e54bc96e28a0e2f0d4f |
| SHA1 | c308418900f3ea27aae0704ca4ffc5ecb51fdc97 |
| SHA256 | ab40982e6483b85f4498e24a8a5bffff603f4ece087fcf5a4cc5814f15e7f6d8 |
| SHA512 | b9624e61fe38ce88bf1bdfd29a11329d45293554158f515ef031f72f25787e2f27ff1d9f4634ec97cd864c4e15641fc860e8d972076acfcf0ba1e4f8dda38e32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54d07db9c28ed3da1ea87a8c2302b220 |
| SHA1 | b04f72230edd90e98289f0f5d20f2ff9eff94788 |
| SHA256 | 01a2f1ea220525dc68376cbc4ed9de06b185e09775b3d8c3da52766cfc261965 |
| SHA512 | 3e2ecb703455e3b55700351e14d423c69588b975afc91ab816153f20d2bbd38a1d8ba9edc9c46266ebb6bc1d47cb944e36d9e241b06f4ca235fa8682d3f76ff7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fd47e3f71cd722492d52a8fb5364eff |
| SHA1 | df718fbdb54edf6564453c4b2301058b3fb207df |
| SHA256 | 2f727020a47d0184ea7aa39768eecb78b5fda1a3f594db3d3e6ea07eed745b64 |
| SHA512 | b6d67e6c53f825859272e504b13dfb6b70be66b42a74e790903719afb994174b81a35c00bde7045afecedacbae3d67817ea461654ea68de6f95668b8deaad43f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c3aa55a402df5ada656039378c20d98 |
| SHA1 | 0a5f4d79ce875e19b59727ba282018a57ef6eaa1 |
| SHA256 | c9b40b562b0cb4bf1d4fb61394b661cf09b56dc38af9d38f93491fcc45156c17 |
| SHA512 | 57f063b111eeabec58a215962c2ae084f4701848a8d48369ae5f8db6e4366cf3306e0dad8e17aded20605971b9cde73f0d8844cf8b297078ae4509cd758d34a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1d728b9dc66d2aedf36fc35682293e8 |
| SHA1 | a21fe983bed079a0a0b57f748a6d8cff3686b0fe |
| SHA256 | b6573c12a36570a32ac3a1c9fc16a1403cf30b66cbe84307613380fc94b31412 |
| SHA512 | 624f6c10fe3cd1418323dc1e2f666d96511861b8c2326eba08440a11d114c3535fc6e5794ad2d38f0c2e3d459d51d235b871e9dc92561c6c3af3856ca7c3e6dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 368966c69f5ce51d7c890b0a3f0f20e3 |
| SHA1 | 177e40fd09f344a1fc5d0e2c4aed383223744506 |
| SHA256 | 9214e46d909a8aaf69ac7f8d10039e240f43f003ba79b3e3b922c4a56b099849 |
| SHA512 | 279a5bf92676e99b3a1bef0b6836cdad95b163777564cb6ae9c1a83da7849d45e56cd51e82846b4b3d8d75e84ff2ce5e7ded61fc10b144dd828c5d6e66c099cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dabb671c1b3d8bfe3cbbd90b41395b00 |
| SHA1 | 19f6ca31f56f32c2c91c0673112420f533ec26ee |
| SHA256 | ac8035fa1c73a0f00c8f94159d2f8c56ab2034629c52e9f2e94b5b32d9cefd2a |
| SHA512 | 2e819af8019a219d3ed523f16074fc71a13ebe5d1e19f88bc6c6d2be422e14df4283579d11307cd7dc47c8691653235ac427123a22cc43769711ba2f78193ced |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c412e6b1daacec66d870403e87ad68b |
| SHA1 | 1438544aee579d83a50a72b27d22a4a41f4d9aa7 |
| SHA256 | 1c483394d10824a81f99e6ad3fc7e3ab69a5e8e78e31255237b59069717de8f8 |
| SHA512 | b7790b1f17583beb58e26ddf4cecbac2f79e7d2ec5c66e46923f34b27d3895fcddae33fb39f255ff0cf9aee0b5ecffe05176c7739896b5833e6fffd78b4ad211 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27406faf897987eb8ce28efb472508bf |
| SHA1 | ae41c54a98fe2171618aee47898cea1f62b1057f |
| SHA256 | 18c3a7d4909e3f6515ceb71a27c1d3bb52f101fb285cda717b37f2931b075279 |
| SHA512 | e048c020fea08616117a282c6285cf56d098a851ac509c3f68545d9ceecf1f2db57d127d12464b171378e1f687b589a111a5ec9497278c7a2fa34d022df8dcd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0be1925a831db2c111d8e702f87b96d |
| SHA1 | 06e5689dcd8e4e5af5b53f23bc4a8fe3d7cd60d8 |
| SHA256 | bb357055a4d1fc391028c58fe086b95610ed16c4185e9cd76691977501f004c1 |
| SHA512 | 83d3a1ca9de3f18719f5fbeac3b6f31ef7ca62a190bc96c04e2779c6df75649431ab489f3576f5abbd4faa0ab3c52601e90f91b253920aa9e3741f2bec748bd9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06ef56d888631af84b80c6d115119171 |
| SHA1 | ef0d6204c2a7943882b0cc67534b02f93f0fb89e |
| SHA256 | 033d3153ac734ca8d003e74ee28646c717bbfcd8259bcb9a34c90df38022d34d |
| SHA512 | ef484e9120fabeb2ebdf3fc8a422303131bfc24fce602dc8cada7c3e3764faace3dee356778dc8aac984f356e137f43c49ad17ee077893b6d09134b7f15df519 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c43cb89012d9659d9b409ddf802010a3 |
| SHA1 | ff22850caefae550d636327e688dc0f070c37995 |
| SHA256 | 68f37bad3d946f1663e644d876df2a630a7a141ce6af5684cb241ef4b7631ef3 |
| SHA512 | 6acaa4a3fc013e26de0c03f34b1ab53425de99e28430aa5b1ff2645fc03ab2e6b4be367c4f995cf894f4d3065fe2fff10d20a47b7aed40f8a8448ef6e6255748 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eeafb7b824fa699bab6eb45f63f4cc93 |
| SHA1 | 4ab682517b9aef97546bc1ff6c06dae3c62691e4 |
| SHA256 | 20554b6fed0c4c5cada351fcb479f76b1fc3ec3a58b44db0583b575c13b98081 |
| SHA512 | 435899a4fc3714dfa4f8d30749f761ece595a1dfa7c438eb52c1323463d17a11598b432a39c2167e5721e425e4b6eadd9fe2fac8309e175183f293f3591fca87 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:15
Reported
2024-06-13 01:17
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
140s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a351db75d4e436104729b46f5701fb17_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccea246f8,0x7ffccea24708,0x7ffccea24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8509165356957539204,4440539232460199043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8509165356957539204,4440539232460199043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8509165356957539204,4440539232460199043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8509165356957539204,4440539232460199043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8509165356957539204,4440539232460199043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8509165356957539204,4440539232460199043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8509165356957539204,4440539232460199043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8509165356957539204,4440539232460199043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8509165356957539204,4440539232460199043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8509165356957539204,4440539232460199043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8509165356957539204,4440539232460199043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8509165356957539204,4440539232460199043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8509165356957539204,4440539232460199043,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2932 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| FR | 18.164.52.126:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.126:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.126:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.126:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.126:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.126:80 | static.mackeeper.com | tcp |
| GB | 142.250.187.194:445 | www.googleadservices.com | tcp |
| US | 8.8.8.8:53 | 126.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mackeeperapp.mackeeper.com | udp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| GB | 142.250.200.2:139 | www.googleadservices.com | tcp |
| US | 8.8.8.8:53 | 255.11.174.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.kromtech.net | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| BE | 88.221.83.187:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.83.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | event.mackeeper.com | udp |
| US | 3.165.113.103:443 | event.mackeeper.com | tcp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 54.174.11.255:80 | mackeeperapp.mackeeper.com | tcp |
| US | 8.8.8.8:53 | 103.113.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files