Analysis Overview
SHA256
1b516790797a012d9899c1d05fd53a2fb7ac448bb86cf47b80880a613fed3684
Threat Level: No (potentially) malicious behavior was detected
The file a3567be88f0c0a959d7d2c333cd4669b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:20
Reported
2024-06-13 01:22
Platform
win7-20240221-en
Max time kernel
143s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1DE8F801-2923-11EF-93CC-729E5AF85804} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d88907eee55448488704c49d43785beb00000000020000000000106600000001000020000000a4741737281a9535472478edf9ec6b865d9273102a67f6a256aa93c6fec78249000000000e8000000002000020000000e666debb9fb1ad958784395df81f6fdfd8c5ad4fcd49f09d25490a22fbfd9e4b200000005ac44606843f0c15c6fc341e49b0dd94cb668f877c459050e96fba04f6899bb540000000caec3f89bbcbf0fa63a8c702e53bab4f0bbf77e034a1deddd35b49cb32647dd15132484f18b61cca8127ff14c7de06f9fd36554910743c24039b571bbcb26c1c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403495" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f09586f22fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1632 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1632 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1632 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1632 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3567be88f0c0a959d7d2c333cd4669b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1632 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | info.weather.yandex.net | udp |
| US | 8.8.8.8:53 | clck.yandex.ru | udp |
| US | 8.8.8.8:53 | s202.ucoz.net | udp |
| RU | 193.109.247.224:80 | s202.ucoz.net | tcp |
| RU | 213.180.193.14:80 | clck.yandex.ru | tcp |
| RU | 193.109.247.224:80 | s202.ucoz.net | tcp |
| RU | 213.180.193.14:80 | clck.yandex.ru | tcp |
| RU | 213.180.193.146:80 | info.weather.yandex.net | tcp |
| RU | 213.180.193.146:80 | info.weather.yandex.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:20
Reported
2024-06-13 01:23
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
137s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3567be88f0c0a959d7d2c333cd4669b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffee9746f8,0x7fffee974708,0x7fffee974718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5254342394440143121,5609857326385098870,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5254342394440143121,5609857326385098870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5254342394440143121,5609857326385098870,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5254342394440143121,5609857326385098870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5254342394440143121,5609857326385098870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5254342394440143121,5609857326385098870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5254342394440143121,5609857326385098870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5254342394440143121,5609857326385098870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5254342394440143121,5609857326385098870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5254342394440143121,5609857326385098870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5254342394440143121,5609857326385098870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5254342394440143121,5609857326385098870,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nllssedym.narod.ru | udp |
| US | 8.8.8.8:53 | clck.yandex.ru | udp |
| US | 8.8.8.8:53 | info.weather.yandex.net | udp |
| RU | 193.109.247.224:445 | nllssedym.narod.ru | tcp |
| RU | 213.180.204.14:80 | clck.yandex.ru | tcp |
| RU | 213.180.193.146:80 | info.weather.yandex.net | tcp |
| US | 8.8.8.8:53 | s202.ucoz.net | udp |
| RU | 193.109.247.224:80 | s202.ucoz.net | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.204.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | nllssedym.narod.ru | udp |
| RU | 193.109.247.224:139 | nllssedym.narod.ru | tcp |
| US | 8.8.8.8:53 | 146.193.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.247.109.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| BE | 88.221.83.187:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.83.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | s202.ucoz.net | udp |
| RU | 193.109.247.224:445 | s202.ucoz.net | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.201.198:445 | counter.yadro.ru | tcp |
| RU | 88.212.201.204:445 | counter.yadro.ru | tcp |
| RU | 88.212.202.52:445 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files