Analysis Overview
SHA256
9566c1e6a9083f56c0720a34bd8224478871371dfa222c7a0ced5c7b8f7517a5
Threat Level: No (potentially) malicious behavior was detected
Verdict for a357434db77dac116428de0b77dbf389_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 01:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 01:21
Reported: 2024-06-13 01:23
Platform: win7-20240611-en
Max time kernel: 135s
Max time network: 144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8630" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "400" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "400" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9609" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 907adc1230bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "288" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000089b22c8152e642193bfdc8dee601897ca8b9eb3c98e18028e60da84bac5ca29b000000000e800000000200002000000034e58f4f90868db6e17ee80185d54ba70070e9cde8cb2913a01ded7d0102bf7520000000db48edd34aa9e9b9450318b333513deb5c053732386bd20c3bb53792f2b1711f40000000ff58319d3eaee74d1c7184b78b9e8264c4a6a194bdfc16ad58c2ad10b4637e0ff3b4d32338d1b6b08f4c0a239209815b9cf2f4a7db4946c13cc360cfde90ceab | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{36BD23B1-2923-11EF-AAE0-7E2A7D203091} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8630" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9609" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403538" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "288" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "400" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8630" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000051f4578e10692b408524a9cab2440116934d30780336e26b32c432a068c0f3e3000000000e8000000002000020000000082156543c1d11317079423c664fcc22a6e497b7e73e103af0e0a93c10380e9d90000000ec97cc863236b75485bfe5b1d38aba4834df6595c8962392a2244c2980b96fa51e7c1d155fcd0c9ccfaf0a595db07dae31e4c8f0d0df44b3ec345b58279c3fa83f0cc789e33f8722be3199c613380dfa943d674d14ea6f05e107032ec0af0df70fec17b7cc0dbc2007c33de63d0fa9256b0991b847215efd88978318d6059a2340e84997627c73ef294706f6d5e526bd40000000dafdc9517e02e5eadae1300beead47fba94a0d3af3b761105287787655e86e01092e05b1f60238db9f166097798f7bcf73995ebeaed8ce104311b1367302e056 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1704 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a357434db77dac116428de0b77dbf389_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | 97e0b9fd7df45b637d56fff0cce21406 |
| SHA1 | 544fbc77e82cb74b579961b30e0fc29108de2fbf |
| SHA256 | 966eec97cf251399735764032fdddc7018fda5afc5558506e252e24ad03e672f |
| SHA512 | e63a1d5afa5365db53c9d2d1e7a9799a0e4b6eb641ef8caf1b9120f952aff3b988db9040366240dafcce0754faddb82b17406d460b228fbcf3d93e6bd3f936cc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:21
Reported
2024-06-13 01:23
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
140s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a357434db77dac116428de0b77dbf389_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08de46f8,0x7ffd08de4708,0x7ffd08de4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:2
Network
Files