Analysis Overview
SHA256
27a26a4f00ca1eff64e035a9ad8058f310cabbaeecfc1784699379a39083e661
Threat Level: No (potentially) malicious behavior was detected
The file a352d1eca0e4148ce129ef19306a57ae_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:16
Reported
2024-06-13 01:18
Platform
win7-20240611-en
Max time kernel
131s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8D064541-2922-11EF-AB3F-D2DB9F9EC2A6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000051736473f9b704c56bf478492b2b7687fdd2b577d0379733dfe6f5cf900ffd3d000000000e800000000200002000000025a7b232ea9adc0826a981debd60b9c899ed0c9636bdd5e6787b22526e3e3fe9200000006d60f2975812eb8efc5120503f1272b1cdc16c21bf98976a9c3ee930ae9869c740000000962e648c766b2b0fdaaf75876fd5c961ac412abb453416a3649270d153d00f177a9e2cdb6f18edfd48f44b1f30b7427eed839aeaf287cbc5a88f9349eea91774 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403251" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10222f7b2fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1812 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1812 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1812 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1812 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a352d1eca0e4148ce129ef19306a57ae_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.webmarketnigeria.com | udp |
| US | 8.8.8.8:53 | placehold.it | udp |
| US | 8.8.8.8:53 | webmarketnigeria.com | udp |
| US | 172.67.186.216:80 | placehold.it | tcp |
| US | 172.67.186.216:80 | placehold.it | tcp |
| UA | 134.249.116.78:80 | | tcp |
| UA | 134.249.116.78:80 | | tcp |
| US | 8.8.8.8:53 | www.placeholder.com | udp |
| FR | 18.244.28.34:443 | www.placeholder.com | tcp |
| FR | 18.244.28.34:443 | www.placeholder.com | tcp |
| FR | 18.244.28.34:443 | www.placeholder.com | tcp |
| FR | 18.244.28.34:443 | www.placeholder.com | tcp |
| FR | 18.244.28.34:443 | www.placeholder.com | tcp |
| FR | 18.244.28.34:443 | www.placeholder.com | tcp |
| FR | 18.244.28.34:443 | www.placeholder.com | tcp |
| FR | 18.244.28.34:443 | www.placeholder.com | tcp |
| UA | 134.249.116.78:80 | | tcp |
| UA | 134.249.116.78:80 | | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36b91a125c61dc961aea19c40f6a08f4 |
| SHA1 | 8797a85d1fd8e0b76e95097524f52ce208ada869 |
| SHA256 | 7f7e898e3e4f9f10213dfeec4c747c48c66f52f00aed833a19bb2c285d386442 |
| SHA512 | cc5c6732174a2fc6e8e2fff97b46d8aac7ab6f16d5133076341d0da2243236e4a343281345a27a6fea3f2a52a65c6850affa15219bc83bde3cf71fae48f5719b |
C:\Users\Admin\AppData\Local\Temp\CabC97A.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarC98A.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6af3b9a51fc42132efbdfbcc8a767be |
| SHA1 | 435019f020d5f85fbb45b563eb21bc3d67107c78 |
| SHA256 | c8e609e348cae72f3cd3c31705479fa048cd0a881ec9f6e3883eace3f7315f2e |
| SHA512 | e479a0725615370b2aeb9ccd91f2ff2af283dd4de576e71c5d49bfe59d035845f792765f9970a2d3b800ef7aa9f6277b9acd935751f65bfd61797241351ea96e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01454fe8006bffc2aa2fa2b0065fa999 |
| SHA1 | 1942d808c0cbe79ae8aa2759e5271f6979d8ce78 |
| SHA256 | fd2096fea279b3e9e17272fb4835b4a3a34cc09578d2ec9e28ea581190205d18 |
| SHA512 | 87ba4e171402bf15ecb18b9107bf7cd55372314ab06444f8730813d73d15a04c838d0be1c6baf8ec25533e568480a2834daefd862dcecff79f32deb094590b98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f71d27ccfc9beab70bb03418fb1e275 |
| SHA1 | 4e5ea50cf1e467e0d2f558beb6cc3677f8ec9c97 |
| SHA256 | d87c1f80cfa894af3ec3618472858261266923af8233edfaa585173736b25076 |
| SHA512 | cc827b47df4745e9a621443b2581bf185a34e4ccbfc86ff721063d91e2673aacdb603691e8ce0ec99c6c33c40f72bd119830096a9dc0f5e78b8dea64acb90d83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b95bc71ee2364321d445708efb73370 |
| SHA1 | 6c7e0d7fc83287d979f92c1fdfe43476c9584c2c |
| SHA256 | b539e9142ac4535254f900b94d0ae6de4fc57e6971c9f21a0e473ed451500079 |
| SHA512 | 3c0e25f8b831e3d73ddb788f385ffef8145165adf6a7048cc24d07be001755d459e0c953a6b7dbd4650759863fb06d6fe73e76f2c635244037f28f60099a50e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e36be83dcebb66d67f4943b6201bea7 |
| SHA1 | ebf0e529353193bd9ddebe8f051783f504ed478e |
| SHA256 | dea054eb96216b50c0f188529ccbf15f3a4e53b052cb65f6dcb1d9e3b7651e5e |
| SHA512 | 1fe1824d96a9b343d6527c1b944f2cab9e97d1ad161485b3f922b21dba4c8aa42d85c92d596055c55d648d07e6dbd4a762a91b008457d9fd0c956beb8d45d6a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed682811a2896e15322d8b20e77a565a |
| SHA1 | 826c9dc1250bc16cff3c0854a773978ab229d3e8 |
| SHA256 | b66eadaed3e8374575f81043d040d69707e7240629433c5f4fcda3529bcb7831 |
| SHA512 | 7f912516e09e4e6e150d1ff790f70866769d19c66aad51bd0b605c9c067e05904b20e46835da9be08f1a7c2511cd59bb114a21167e930849cc60ad1b917db77b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | febce6beeadb423b33dda38b36ff113c |
| SHA1 | a71c5ace0758c21e44b2f21a0fcec1c8913fd9c0 |
| SHA256 | 65fff58f2e7849cd3892959336ce1079de47e52902638cdf18a52efb4eda39ec |
| SHA512 | 471227b90466a515916352eb169936434d785bd85759995f5f51e024a7f51ac5592c39b8c037a82954d1c04487e9de964a80725d77a60bcd025168fc0ef07e7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc49a62f94b0cfb8016fa161e68626d4 |
| SHA1 | 2573e5b5d6e0a024379324e17c89ef5b18e02cd0 |
| SHA256 | 9b225673b155df1c99bcf8eb0dd0b315ac0d369a340d7aba15f8d0cf44470b22 |
| SHA512 | 34fd52500646bacab933219c51951ed85f2d9b60ea21d4ffab5713a303ad92a76d9aa7d90c593a31df048d695358af060e4826c4ded452923af7de10bb6ebdc4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e5056af257b58adfc7c8b7d832cf796 |
| SHA1 | 3fc3800762ad8cd686ce60ec71668b80d5130ecc |
| SHA256 | b8adff5755ca42c71afd55469a5555bcebd637b50e023185b5aa82161a4119f1 |
| SHA512 | b5415fa76a89281edef90f3fecc9535beef7fbc6c8b1a271424ad3180b1582a6a73ea6ed0c4043810c7da1ba064c859245aca43c6b4f2cd37ab1e7460cb3302d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 809d054072efcca929a6e7f42a7f49c2 |
| SHA1 | cc92097e3cc7447021dadb6d24f1b4c5c1a054ad |
| SHA256 | e2d7aee7e4fd0b343eba5cc82aca7a7351034751a45f73e3ad8ae315d13db89b |
| SHA512 | f6d8901237ba42cafcbbd85fd92c23a06f21429acafdeb58c6fbb54ca9810b748fb1241221f854b42896b646ba0ffc627b101eb133715be6cb48e0775136e85c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 777399efdb8ea653b2aa829cceb09849 |
| SHA1 | 11ce6e01ba2c516e02d499852d844ec30ec33a56 |
| SHA256 | b56119a5cd5d84223d538b40b55591ef1f7a6e597a7434e5c974e669fd72ef80 |
| SHA512 | 93fedf887ee9164ddbbbb11683f733866518ca5eb06a4040f54d7741b746709856ef49081f79d9f943008ca16ec7dc585a8ab433de310257201f87a25771f224 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a95185ea0dc5dd6db6b7817f4cb29ea3 |
| SHA1 | a5a2c401858dd9297310f72377c709fe2c5be21f |
| SHA256 | f9dc3c5ed63a5429a1bd442125a7b22d4eac8eb391e1ae37a182dc1c8742e58e |
| SHA512 | 46df0e39dcc44f103582da486253a453b4ebc0d5ebe462e86f7a7c397443f3296659db70da5bc8e9e26b890557d3cec30d24b379d806beee34b1bdf283317054 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d84e1955947844469988b6cf3226359c |
| SHA1 | 4051f6b66d17160c61c3e29acc832e5c6e0fa92e |
| SHA256 | 8280eaa2b4d67ca7d2bf4314a409446a599e12c3c72e1f82e73b7606228d89c1 |
| SHA512 | 71e4908a87b60b3d436aca02b9fc90f6b567de29372f0f6f431dc380b13b67b02d21fb180f5ac446be67094171bc5f9e44335ff0a58857ecfa3c8d2167a4fff5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e58e557dae3fba1a2bcad15259573b55 |
| SHA1 | da33d486d9f6b4895dcae45a2af0a39d61181285 |
| SHA256 | 0bd6d430c86f5c1660bb3f5275380d1cef9cc2c0b7c1bc5cc5e43eab1b86fbfd |
| SHA512 | aae80575fc263d705a7f09a375f245f39d31576d2a9749e1735cd481ca5899a11f9b8ae4a308e4801ceaba294806f19ef2d45f63001fedc4c65dcee6ea06323e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb30a3f1a54d00e6a13bd2e7bfc80217 |
| SHA1 | c3a29625a7cf46feded9f7d8ededac247dcbfdf3 |
| SHA256 | 1212a16983752eedbe2a2bb0ceff6b8b280c76550194bf7314f2444d9f31319b |
| SHA512 | dbd156d742f9829a60a591d9b3cb28dbddfed8f44639ea22752ea22fb88cb4f0b9cfc931dd1ece09d15b866b272631933a7a5bca831107117187b5f2d04d6609 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03a14c6f834554266428d75d2c646a3c |
| SHA1 | 8dbc0be1fbc2726d68893e4d899fb6be79ea876e |
| SHA256 | d170da079ba8f439c85925bcb04ee76839de51b6bf34841f9f50999e3098d5ac |
| SHA512 | 70a06fd717089d5f00a46b0091080999b1745a3af394489b653f4c7fe164d9a5c72842ea081bcf9fd71c3ca242645310bf6dae08b97a65ec93cf62dda25874a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3cd94e311071495ce529397ef559fa3b |
| SHA1 | 7266dc761e9a6e341da5a9213cc479430fdbbf0e |
| SHA256 | 4643dc29447a793aeab866a872058f8a5f694918eec9b3a2fa80078de3b84332 |
| SHA512 | 16e36c2d5bde99ab8f47dd9e4820d712539461f6a64bf6d01b9eb12f78726cc3a26be7a2ec4dc4a5546a275e6389106a0b6be5d4e35792ca3d2836190e620818 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 954d302abd744a51500192ec034b4f58 |
| SHA1 | 1657e707ac6ca00492b93e1e9e8044ccb95f169f |
| SHA256 | f16f537e7b8e1444ffa8873f957000025d81da34646d4fdaeb43557df6a7f2a6 |
| SHA512 | 167b23c0c281eacb9d3bc253827c8d9c474b43f573afd1062df605a2f0b9e33b33f1bb2d0c6f46618b8af7de15d95d8060f88bdaf9144c5f11db107b228278b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 127773f2b5b8469d04ecaf2cb72af2aa |
| SHA1 | 033a1022f13eb2a172a59e7dbb727d9ab22d77e0 |
| SHA256 | 5577cd3108d5ca4f76b2e23106060aa53976283f5c454c0ef7d63a7b1052bf68 |
| SHA512 | be46533155d5b71eb90b841b86c327d362dc80cd0bcb57c59ffbaa40749f507e8ffef0a37509d3d319bc424b2c823cdba2e9d10a59f0ab8d2d82a5151132cfa2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:16
Reported
2024-06-13 01:18
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a352d1eca0e4148ce129ef19306a57ae_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffad9b46f8,0x7fffad9b4708,0x7fffad9b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8868856650073495839,10216875205669903306,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,8868856650073495839,10216875205669903306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,8868856650073495839,10216875205669903306,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8868856650073495839,10216875205669903306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8868856650073495839,10216875205669903306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,8868856650073495839,10216875205669903306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,8868856650073495839,10216875205669903306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8868856650073495839,10216875205669903306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8868856650073495839,10216875205669903306,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8868856650073495839,10216875205669903306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8868856650073495839,10216875205669903306,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8868856650073495839,10216875205669903306,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4736 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.webmarketnigeria.com | udp |
| US | 8.8.8.8:53 | webmarketnigeria.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.webmarketnigeria.com | udp |
| US | 8.8.8.8:53 | www.webmarketnigeria.com | udp |
| UA | 134.249.116.78:80 | | tcp |
| UA | 134.249.116.78:80 | | tcp |
| US | 52.111.227.14:443 | | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_1948_KGECSJJXIVKHCPBL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 22ff3431629b0c6208eeae604eeb4de2 |
| SHA1 | d897af0863f530c397aaf0e94f742274c87094eb |
| SHA256 | 94910fa38cb38b57c4cf76a48f1bb262ec1da1afa9e76e9e2dae10a8e9aa3276 |
| SHA512 | ae0afbddc00d4532c189689982c2df6cd13bddda92f243d517ddac2b4b5eccfc48129cfe1f1418a01f0d165dbf31075e72640c3ed7d3ea161fbb0ffd72feef43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1bb8d1b25fa30b926504b3371d1bf924 |
| SHA1 | f730824228d6bd6b97a9be3f2d8c0aa8d9e6a44e |
| SHA256 | dd097c5f91a117a1341471a545746dcd45c0fec8a84bfea817d1734cea9f597c |
| SHA512 | ef13dab655cbc4a363005ef5cd98512ffc2605684b172022999791001ceb4c7954398ad01ab99f5ca7be777a54f251b1132434c94435e7c061baa5dc00efd816 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |