Analysis Overview
SHA256
d5a3c6704c94568f74917787ca705fefe5eb0db39e41cd3acb12c593f299b217
Threat Level: No (potentially) malicious behavior was detected
The file a351de14a88699494974a9359f3b1214_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:15
Reported
2024-06-13 01:17
Platform
win7-20240221-en
Max time kernel
133s
Max time network
130s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f02dc4362fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f6a470734273a4f977654f7515c9e5d00000000020000000000106600000001000020000000976b2d194247f24dd59b33de1f3363fb5a6a20a05d5edb39af4c06584806354c000000000e8000000002000020000000a82353a6e6b41abcdc93cc58d06922f9f66d5e9a46f2795fa9a1a3d394d7f76990000000fb286edfca22a915f22b43e9ae2264dd1dd59a50091ac12377f3977500872841caeba1ee73439e4ad7eaab919066a17a493e56ff3fc56c17da1df6955c333fbd965535a89b756470f13e7ca6f15d8e52d18e299e99ed1026429cc9305df2f6ac7c1a298ca4d10f92123a3cd7ededaf0ec03d00eda4201236ffb2cbf5467cc78f69eb7868f2394ec3f02ea6bf0bb5aa2040000000f456c49cd824557cc63fcbed11fa5c4c464de664a9aafbbf7115f62d808c99fccd12ea3504bd05fcbfafd9883284f0078ad4f63c78ba8ceea2fc46978375df29 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{621E52A1-2922-11EF-9387-E25BC60B6402} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f6a470734273a4f977654f7515c9e5d0000000002000000000010660000000100002000000029bb8e8ceebc20104de21a1577e60c6b68d5f141c4c94fe8f05fdf924c50e6a7000000000e800000000200002000000021b5fc2756d7c09e9679bcaa0abba74c2cf064b3d44215f56f68ec9dee3396d820000000c14c6c11719fe68a331d0cae916599cd2ba0e5613f5c4948f858795d7912e39240000000a597ae59b805171c0f3591aa47dd204f1dd8813c46a6017bad56458620498797cf176bb07a6e5be3e277e29769d952c9e954d5ba026af24d46c811ed702e9ca1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403180" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1936 wrote to memory of 2204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a351de14a88699494974a9359f3b1214_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2BF3.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2CC5.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b39589f178b4f31c53837ea1d1150243 |
| SHA1 | 63ca2d3b1621286b6217fe4d7f612f659e4ef87a |
| SHA256 | 05a5b70c4c2db7617efa882950f602244eb15b08f088cf57dc5064661d613b4b |
| SHA512 | bb07fde9dce6e55c7e1cb4b26bf92e80aaa055b8989374c08bfc9937d47ebc34ca616a6484231d0ef9982b50994f5b37a7f591ef98d24d182fd22aa68c6c0e48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4b0c239a88cbd1922fc7cf46d9cf633 |
| SHA1 | aea3e41dd7e213b821061b193895b288590033a4 |
| SHA256 | 180293b12cf6a414c3c967456fbbfaa40292db62b21d941d015d905b233fb191 |
| SHA512 | f221c3f5895c543527444e7630a4bb80aa569fa1a63aa191692afbd6db38b5a762d2d76e70786e12c3c4f07a9ad70a4e15d6a37f3886390986a9e191c014e0d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8ef24d58e77814c03d1b2b3d395778d |
| SHA1 | 060614e8a270c7fe717867ca50b2bef14c5b155d |
| SHA256 | 7f73fe6bb90d8c5d439806ecdb1f65e251d01111b36f5fc96630d312c8c27d20 |
| SHA512 | 73b8ebe7b7fadf06d1ca8172b720c5636379f17a089af567a0fc77338641f8840fa2c12c7f4cd89539c2b7334b6d7c7902ef2687feb25e4a7f8a212ceba1cdb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eef4a1b7180c49331979185e2259ed3b |
| SHA1 | 6a758681f871699dc34626cadff8a7041c411217 |
| SHA256 | fd2e1d658237d0c5dd7b10e577455c971b2023a7eb886052be9f81fc85444518 |
| SHA512 | 75f70e41c6359e280e373952a44ee0354e043b57d3f939fe7fc1a6cd7e0e55bb47669dae8c13850f5d82ce60d7173850f900cb5f70cff44879e80b01a63dfda0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7d7d78cc005d8035e585cda89b706a8 |
| SHA1 | ee53a8c10ee2e25cb35ca5826bf772ae8317b291 |
| SHA256 | 63f76c3691de621dd21ba9314604f3c74b589d1dc15fd6baa8e840aa26a8c023 |
| SHA512 | f6b7a3b89895f4a80693c33ca246833a3babae7c3927dd5d59253d5f05af03024f87707b842c5a82ad239579252cc2a3c5d36e5cd573a06a17e8d85bdb1a3cdd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec70f9d37703e25895202eac6882015f |
| SHA1 | d7e530b396b02b09ef475e6d02ca65e2408de852 |
| SHA256 | 74ada36bf1ff47575d666077c073e13ca566361356bd1e47c9e4a7922f9dea06 |
| SHA512 | f4dfe0ffce7fb76d92fe92ef3bd272c1c2cf32a238a43fd3a72c19dc6d87781e6939e2775c7113297a860e08f55605b14a7a7352f4ae60503db1e2d60ccc6811 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d5792939e9fbe089197b000b0f3d172 |
| SHA1 | 80ac00136a4c0ddfa83e41cfe8a6577b7ecc1c03 |
| SHA256 | 61d1611131c7d61e7976b68f4ae4b6305658910bfda9a06c1969777510bd833e |
| SHA512 | 40a5e57ee96453bc2fc3f429defd8d2a0da4798692f7255848edebe72a44ac85cf4c6a9a44cb73bf8c3ed60ff59af5fb7f035613bbcaa50e28d416be195cf94f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cfb62b9d3da6def4d4ef861926d982ed |
| SHA1 | d6175c147cb02ac1c855f622731bc45152f7bd39 |
| SHA256 | f59adcfa137105374a481288fabe4d3e4c367909d58dd128ca19b5b6cc469185 |
| SHA512 | 3068444e5de404eb9514942454324f4cd25acc7b0a53957d69e715c7b6c58bdb5d470995fa8e69b1d19f707ccf71cee4ec9004e6e1099cbbde7bb7211fd0d770 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7402a16dc54b3bda1dcfef045e59e2f |
| SHA1 | 0aab419dea2d3928d38d8c667a49f6c6162fb916 |
| SHA256 | 527974f4d9a56721c5b9e35236dd81f4e8e1e617c495f330dc5ff181799d3e23 |
| SHA512 | 9fbcd7586815e6914ffb7dc26f3e4517f719141e43773a7835a3026723219307b18cdaabfe054739c90c05bb58227f8013978c3f456373b704f4f78f6b5c89d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad27414b29d9ae293bfdb093e9facbb0 |
| SHA1 | e734225696b6dfe34dc1d176151129fb201a7042 |
| SHA256 | 20a1edf223396df82fc8879ecc9d28157e83eb512b0b12aeae0792ae9d40f91e |
| SHA512 | ee13b8a92577ee670235c137e9b9fddba8ad02cdeeea65930b1052eeb4b6f001a502a6890207101af19ca73b0f2dac83b4eb38538eb29df2e48c817d695acae3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81c3697f738816ac9c66bbcfd3d321a6 |
| SHA1 | 68fc2785d7f93e8b4144f09aee5dcf1fc9ec40a8 |
| SHA256 | 44672f6eccab6afe9ea5ab4832404a647dccdc83ae7d213e0bea62d6ef107e0f |
| SHA512 | bd5fab1a4383890b53b379d52f674a4051ddd86900cfd87729b16ce9f83aeb527d1c554f2a1a1bdaa392d65a8505efc1cdfd59c01dcb55098e9b8f0023ca9988 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a26cc1b3a72e1d88e09c34fa1ceb7fcd |
| SHA1 | ab39efc16a0d1b7c2d0f0a69f5a7f38cf5a69bc5 |
| SHA256 | cbd9dda064bc69051d5ad2df967e48c812521fef48942613c24c64cb8c3386cd |
| SHA512 | 70ca2489f7d30ce84fb0031a6cf8c631b99ae9c6696e476db4f2f994351ec8400bc725910ec0924a2b7b68e772f5225a03fd5c80e12bcd7d8253588ea951abac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5db897d826d6244f658f98624ee4c016 |
| SHA1 | d21f136b1aaedba95f57f05a2312ec9117372591 |
| SHA256 | c1f2e1789729de2fd095b8b092c3f151450b9827803a5df553be91c3657e8d62 |
| SHA512 | e87f78ce44c022b02d3b0178514b498cde5cd4a74e633721d486164ecb52ee97f60b6c4e3d6db75be869919aa093c0dae7b7604bae69950a996d213ecf10ac7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba6a4f15304142cfbd6507027b2c4df7 |
| SHA1 | 5e98e3e97ce31fe7ae2bd94e2b7a0bee649bfc2b |
| SHA256 | a7e42e104ee7605c6453eddf9ec5582b475d04939b2cb85dabb7196a5b61febd |
| SHA512 | e7acf555065fc4e10b88a6a6d0df4387aeaf8daee86529386240020140e437dc07ffdd34b871a6de4fb22f0c652fd689733f67c3d408c691e965af688028949f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4816b25f4e1720db7d9fc499e65fe4e7 |
| SHA1 | c8434433e6d00d306455ed5bed8287963c165a76 |
| SHA256 | a36b28c758b38b4ee50eedbea03f8a5b860f88440d0c574df122048978a15047 |
| SHA512 | 6a062b86c9e483fc4497c9281483b3ee334730684d0afea69399a727cee6a662703622c2f12655dd543d5778b69baba7668984ec6472d8732be18df38764dd48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0d54f118b8f4ba530e6f7519520a7bc |
| SHA1 | c21f18ce3a5869499a82888dc0692c0b8d11fa7f |
| SHA256 | b42bda6f8554c7c6ebebe33baaa3b70454887edb89c072dfa1211225028f6862 |
| SHA512 | 530cb02a67cd00e887cdf62d41e37ea196186d271225dd623ed87f47255bd3152a6261e8fc4f3ca0aee0062b92f36b96a6622972c19b28eaca8c856cc6e60a13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 902c905d0d56d0c6343102606ccab6df |
| SHA1 | fbf3f8ed16de744aa3b1587d93dc8d5482e61c97 |
| SHA256 | 9dcebb0829e042fa717cd7b8f0059d77aea5fb5088f4852430051691fce35a38 |
| SHA512 | d448ee2a082c80befc27a4169c99d4c891b17f502757b3ddaa8e9c1fa41d81c4e63be32d9361cf84ef4ca1ad0cb1ec7cd21d17c6db038e9bff1fc2a6e0b946c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14fc6b80f8b5b64f3ec767f2f2216d4e |
| SHA1 | 4886366b812b721b3fa67a6ed8ad2b685ccd1eab |
| SHA256 | cc1a71f4021a5e2bf57ccf0c3f9243cdc4e59107bce71e41cf51fcbbe7d20fe5 |
| SHA512 | 480c0b147bce5f2c1a8abd7fe12892614601f2352dcc85e9736a33ae800211c3ed59544a8ca85bd6aa435a8e0d084e84bad5dfa2c55cbc2b6d92596e32ad894c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c40ca3e67e90e27c2fe93607605057e |
| SHA1 | e0aa5e1095ce4a168a2f7bd5362bb21bcacce59f |
| SHA256 | 15d15a30d7d8735876c2929c4246f3e95088fc16b5144c1a72d97ef2773cab85 |
| SHA512 | 4c86dcffb3a3a5e5a16430bc515c1f683e2baab9e5bfa67f37865eb9a5bb61b9f281c98452ce1be261ee583d1fe954649bdba14c42d31555f57736a81539be94 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:15
Reported
2024-06-13 01:17
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a351de14a88699494974a9359f3b1214_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffb884446f8,0x7ffb88444708,0x7ffb88444718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10905190735578780993,6906797162615478278,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,10905190735578780993,6906797162615478278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,10905190735578780993,6906797162615478278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10905190735578780993,6906797162615478278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10905190735578780993,6906797162615478278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10905190735578780993,6906797162615478278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10905190735578780993,6906797162615478278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10905190735578780993,6906797162615478278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10905190735578780993,6906797162615478278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10905190735578780993,6906797162615478278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10905190735578780993,6906797162615478278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10905190735578780993,6906797162615478278,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4756 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_5104_WWDLZCVRJVLPNYGB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bf04ae14a175f2e80c43c29befff1e8a |
| SHA1 | f89f09ef03aa7b7bc8bc51e5207072fdcad8935d |
| SHA256 | 40ca97b97bf7db1358953d27531197bf27dec9738f9e251e1044d84c6211a9e2 |
| SHA512 | 70bc4b31da3cc71ccd17cf5992f56d3ecf53d692f87bc261e9c52fdfd79f9414a1169ce6e9eea8342bc2f3dbfd1b059db99e57c9e56976bf4634770d838fc021 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0d146da28125ba1b418a592f4876f5bc |
| SHA1 | b3ab20f66e3630150376a7a99dd434cfaaf0375e |
| SHA256 | 7ea893b60da3d973abd0ee98dcb7230f8d3536ea88b353292968a134421b3064 |
| SHA512 | 9d5b66be18de2b46322a54f0296b9e0857192e3b80d6c2fa6fafa9f095072134a86a866ae011f072b36cb3f905d648c159c207608bf32cf93a5592e02a319011 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |