Analysis Overview
SHA256
5863b7f591f91174c17dd3911aeab2b7b7c13c9af8d60507d63073197330752c
Threat Level: No (potentially) malicious behavior was detected
The file a393dad18a45d9caea4be166bc557aa2_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:45
Reported
2024-06-13 02:47
Platform
win7-20240220-en
Max time kernel
117s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8047f6c63bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000010c75a07c70d8b4c81971e645f7ef1ad000000000200000000001066000000010000200000009a93dd33ee34b535cf3f6e67bd84a4638faf209ab02f5c232c2afffcf96ecee3000000000e80000000020000200000006e0559e48e0b7a67c513982d7328e83585c0063a204e440d95d296dd84b7a8a1900000006a157534c79c3fcd039ee1c4f1357f643e8b982ce33ce7a4887ef630c502f3ee8d82d1d8b50aa9677593fa21c2c9da5a9d0c4d6450610bb3b82549345b02e80f299c36a8651d1edcfd652e9b947ac8d446657edb705bb9fb192ad855f5c4b5b1c6eb4d8271986523e0b9ed9b490b45ca0526769c7006f930682b9bba1e13bc7f0ea9ad69e1aea81ab1b1989173ba066d40000000e5a9d12fe0d83276e696d5fac2efbad88b6da6c18d77d82399755e8eccd4a4e5f6fb5ac39afedf3284fbd971e6f790557cb299fe4c27fcfceaea8b6aff076319 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F7BB5311-292E-11EF-9680-DA96D1126947} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000010c75a07c70d8b4c81971e645f7ef1ad00000000020000000000106600000001000020000000944ee45b25bce347049fd3f6633025e4f165c8b57a62c5ce9194a1b9c1ec4329000000000e8000000002000020000000741bd1f1a5f90f70070a628b46c74e1705a96f89c7f9c81e0003c10fa7952b65200000006340fae2edadb4b9d9a88a4e197e5f1d2bc44033865d19ec461da3d0a977f96540000000cf8dfc4ad53eef50683df4301495deded09c87977cdd6ff3d66ed5c095df4a7d1f1dcd2f3826284c67f920921fd0e712fde4600eaafc58f1d2d7bb23fedb17a5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424408584" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2872 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a393dad18a45d9caea4be166bc557aa2_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | v2.jiathis.com | udp |
| US | 8.8.8.8:53 | static.duoshuo.com | udp |
| US | 8.8.8.8:53 | www.ccets.org | udp |
| CN | 139.224.192.17:80 | v2.jiathis.com | tcp |
| CN | 139.224.192.17:80 | v2.jiathis.com | tcp |
| US | 107.167.27.86:80 | www.ccets.org | tcp |
| US | 107.167.27.86:80 | www.ccets.org | tcp |
| US | 107.167.27.86:80 | www.ccets.org | tcp |
| US | 107.167.27.86:80 | www.ccets.org | tcp |
| CN | 139.224.192.17:80 | v2.jiathis.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\hot_last_main[1].htm
| MD5 | 2d287b3334bbed7090d84a60fd9c6634 |
| SHA1 | 8c660eaca037ff7f010b21d1ac3df617aa0d1b43 |
| SHA256 | 35da6cd8a7624a793e905747e0901e18b50f8fb7f899672eed54c9e3bdc5f14a |
| SHA512 | 55602bfd264feecf8cedf6c15464d068bd620a739d44ec263bd6a8f48752af2bc6b0dd9dccc5cc5bd53c7b3fdddf351b381781ffc9d4455a0dbf6b78742ebcc9 |
C:\Users\Admin\AppData\Local\Temp\Cab3DDC.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3ECF.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90fb9f2446fdc219a79add355675be4c |
| SHA1 | d896c16f7a5206e5889e279335322bc8c57d1619 |
| SHA256 | fa75934fd9b8faabfd347cd3071885a63abfe66b1cbb5d08c6627d64e1ac4d2f |
| SHA512 | 3ed9b782df5a7fd83dd463be85c32254e781679fcae610c951a0bca8cb531b51502dcb2b01de237fbe2a414612afbd1608a7f08f1c4a93ba008e2a5902393c01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b241a59ec9a7fc7dd79334761053b902 |
| SHA1 | db92e3b1dcde825cc2f72f892ab21bb6b2995e86 |
| SHA256 | 6fddb00e11418754079d2ce6f325cd9a7c9d16dadfcd944bc2fa0b8cb855f612 |
| SHA512 | d3b38b65ebf0860148d0b889d6d0965f8869a3933a245bc1bb9eedfc6f332f094a235e6851c77900282062d298a06838ad66c778704d383eddf72c13c7185847 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d7cfb445f41a6b5d3fb8d74caa0ea28 |
| SHA1 | 52e4d7ed2c9daa18439b75f58df781ff9a2567a0 |
| SHA256 | 3fca0e19641dbba963b8d8e09c9871a9072a771bc595dc3f117711ab89b5c158 |
| SHA512 | db724a8f079af59617ec78ffad325b24b2a256f358085865af64b92e5a5727cb43cd0dd06b551aabce2af57b219731c9aa8f47e805a76f79b8e93eb7e8fc301b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42ec5792ea7995555eeb215e89c23fe4 |
| SHA1 | 14153c369a98827a15aa2ca90e815d1ac94c0b5d |
| SHA256 | 1d4adfb6f5c1f159d99101ef41399583eac148dcc558ba2f2e8fa8551fa241be |
| SHA512 | 8fb6cacdda96180062a01aecb9881ce3d37f68c52d2d4932f9ee2c9c5285a0f8ecdece173d6b29c9797e83d9a5b0bd2e8c0e825cc9b9afd5251dcea02e533a8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5731a547d5f3b2ff7a2377fe5630fc6 |
| SHA1 | a76fe90d9eff18d38b36eff11a7769e50a14d945 |
| SHA256 | 07413823a5326362676ccf2ee32cadc5987cd439dd86a1ddceeacaf5c2bd61dd |
| SHA512 | ca2f48f27530082e3e1618a81f053a517eafaf8b06046916ebb5a2a7d1d2128ba60ef3e78908c43ff3ed75fe0a9347c1a4440b2b65f6015747d119a06e441e9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a710dd5dcb5f1ea73b45fda1af8214d |
| SHA1 | 2c601a299d7b737d5e7e3536d3b144c5d91de95b |
| SHA256 | e771ddab3862bcddcfa274c6c7ca603fbb0fe5eeb8949897807ee03b5117843e |
| SHA512 | 09b5347ed851d8e47d442894c5dbf29302342bb6da2ab7d23a248c7b00ccfc6a726af15bc417c80c7506b633c461197e2cf872c84ab3c4159876363945b9e054 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9ab0c9497068e4ffb3e416f5d9ec0d5 |
| SHA1 | 5dad48cdbd5e80ec6d6e26b5afe4d10053e7bff5 |
| SHA256 | 378b9f63670bf11481134dd0b503377c27694d658c28aa6b9ead998139755e29 |
| SHA512 | 1506fc5ac7e08f1ff04dc9a89fff355923582c2245ac9bd56b711abf4fe988a98b4a869dfc3a9899111d77cfed7c380bcb6112a0fa8ff1f50692209fcd11b76b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb41cc253558077e175339f1dc519b17 |
| SHA1 | 85381738a834b78609dceab7c76283cd410096f6 |
| SHA256 | d663d71e8fc8b6f3f929b6ff92df55433b7e9f6c2475eebc8ddb08f7c6703211 |
| SHA512 | 13a42d88ca464ff3b3114376ec7f6bbd3932a6b4945ea0b1dd903920776e5a8dc4a0f30365f75376916a6d2011eb3e15daf881781b5a5ecf1140314f36cb396c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de72306d5bb627d6d1c7d20ddec13eae |
| SHA1 | 3af72b9a349e860139163f0cec50bdb75b7555aa |
| SHA256 | 23d6996527d8a78a4143772225e928ec88c8edf365ce56495535899b86007b5a |
| SHA512 | dc374c9441f914370d136e664a4dd70cb90afd2cb5913c27cc8f08f4e7c9487d57b6886e704ad06f6455d5e4a0e7272dc19383fed8aa4cfb66a10c783c7bd1e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b3aee9e223f4abbf6d24f49c323730c |
| SHA1 | 7e8f871f67da5154eab5ceb5af5a63e58ab37dfd |
| SHA256 | 7bd443e5b59559457a77b19f019892c726637a6789ccf1ce0f6535208b01321d |
| SHA512 | 9ed3236a07d5646a2d59ddf18daae17be89e0d022678b29d462395dd106a94e5b2120c88c19aa49a703be578b4898d27ebcef796944f0c56c46de77a50c598bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4aed1be7f33a9eda05d315513bea039 |
| SHA1 | 3f3664c82472271c1d8e47317d162c40c0d450ea |
| SHA256 | fd314e5161272c5cc53938dce12f877970276ed7ae2e0b65f99ed39945f80261 |
| SHA512 | 4029cbaacafddc84d7e45a08f34a60aa9cdde5110ebd00bab24c64a0b2e1f495ee6b9ea06cda096a0299fe5720cf47248a95c7549d27cc2f8870f5d0fe392677 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 887f612178d2bf1beb880360d268cdbc |
| SHA1 | 068e2c52dc339ddf260b756c2d40c30a9bf2fec1 |
| SHA256 | 0d0e5303f90ee80f1d2e6493a9075c60212a8674aa4d37493ccfae9e3661c4d2 |
| SHA512 | f009c62170b1b84c9a1e7364c005475e8041b74896bfa04fc6851e88610e3df0080cefcf3df2b4ca4ae8d267f0fa22da0fc5cf4181c77e0ef675cfb2a6ad7c2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0549bc3d3c18ef8ffe3b3827d8d7c193 |
| SHA1 | 432d03c5fa6ddc2d82a370f3de330589704304db |
| SHA256 | d186b8140457779a229c68807475259e52899ecb20b9c6eb72457236c30f20e4 |
| SHA512 | e36ddc6452274b029d89014dac6363b233f505ed36f77349f3d5ddb3b855e573f8e34bd20320f9694b554bbbb80bba2889adfd535f6aac08f2e32b1a2bdc4b85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d9f1709f3c36ad8c15b2c222021f45c |
| SHA1 | b40d54db38e32b114318758f5c655ae041fe217b |
| SHA256 | 3d439046db65cbb3d2e0ea8b097c5c4b18240a495bd8479d9cc46ba7ac36429a |
| SHA512 | 60c045cbbe164b8d7cda7e8faa53b4bd996206865a37ff26748676ccb023b13a562b192cf736ea8a813e1611cb0eff8c7ce2e7b58dbe792cdff07aa80047d8e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 539c07019f0ed868901da5ab2423821e |
| SHA1 | 86947b4c43e7be5f69bbbf6ddfa4b0bbc8406860 |
| SHA256 | 3c76fd18917b592307b7fee513500bec45a35b36bd9a19d89fc931e345811c1e |
| SHA512 | 6c43094135b693449a2441da81c77551201cf11bab5055318b961147f8f5b59d7cf9086d050c8b7520f1f834a9aec6ae69168f23a1e0c075a59ceec302d7109f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2610af49f5e70f2dcb2e566e53f134d8 |
| SHA1 | 0f6c0ed5a550737c457dde26442b79c92d179711 |
| SHA256 | 862ded7c9d9e45b42d767636df55f8bb63c638d6d05c98ae2cb8e179700a40e7 |
| SHA512 | 81973c8c595a665853519c76f8453609c012996b23844429809adb3a7f1b0db6a62cf76935a1d876c16f9882b6de879445009a6f10300398525b05bf07dee598 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75a3e7281b438b58722dc9a30d455b49 |
| SHA1 | f1df00856440837c0517d699279ff53827fa0f8f |
| SHA256 | ed76770ed4dcfe49659b3e67361ddc48744a27ce2997772e6bc5f0bbbd10292c |
| SHA512 | 06f713f84c22828cff0328c24be65646112e7ceb7039141f046ff055e75db2f4a2006a5a7a677c018bec5a86b11dfbfb296dd74e90396f1ac6e61296d44deffe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c84a780e00ad9e3c2f5bdfc08ba9a42 |
| SHA1 | ca1d21ae51304e7fea1011554e1fd7375f972165 |
| SHA256 | 0aeefe65601ad622b67ea1b68003087ca0c533ab0fd0789d9c139fbcb2a30fea |
| SHA512 | f9c3bef95471cf0d44ee0ea215346e37353eba4802fdcbef212e7355465291fc5b38634f26f7a33419eade61d7f18ffe041800183df0509bde540a497248d500 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec7193bbf8f9b80dad73bd4c4a4df7a4 |
| SHA1 | ef90c5216d64844726092d5ec15d02823e3b943a |
| SHA256 | 6e524f1fff846c77f8b93fb260341e121675e5875316c8b0a70060ca2b98f61c |
| SHA512 | 5d5611debe587ac2b582c8e0ce89fef7859f9d3f830f0454313a9e9e94385c2b89de0528e99c9f66ad67c3cea8d1dca92d762e342372a131ef70ca1c5297736b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:45
Reported
2024-06-13 02:47
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a393dad18a45d9caea4be166bc557aa2_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffffe346f8,0x7fffffe34708,0x7fffffe34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,1638542511484686426,11086316125643439262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,1638542511484686426,11086316125643439262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,1638542511484686426,11086316125643439262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1638542511484686426,11086316125643439262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1638542511484686426,11086316125643439262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,1638542511484686426,11086316125643439262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,1638542511484686426,11086316125643439262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1638542511484686426,11086316125643439262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1638542511484686426,11086316125643439262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1638542511484686426,11086316125643439262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1638542511484686426,11086316125643439262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,1638542511484686426,11086316125643439262,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 8.8.8.8:53 | v2.jiathis.com | udp |
| US | 8.8.8.8:53 | www.ccets.org | udp |
| US | 8.8.8.8:53 | static.duoshuo.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_1544_EAATQUDDIJZIDKPH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7d04697604377d2419ffbd6e41ac8765 |
| SHA1 | e7efcf2974fc2bbad8c4cc2599f3f138468ebe3b |
| SHA256 | 9a113e3b01f10f1d8007cbe2b71f29c60f84addb2919f3b4e7e03ab268414259 |
| SHA512 | 51c1ebe6331e17b719f5b9912e2e8a99ffa0d23c0650ebb03503929d9d2ac27f4677b2221930cdbffa5d92dd9ea0d5399c034f8cae423ed046aebde45538ed98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9c06695a22a80fb66fc896467bbafde5 |
| SHA1 | dc6870130f52b20ddfc02ac3673cb9526290d3fa |
| SHA256 | b595d153f3c2c8dbe4f4d00b50334444121feb5d8e7cfad6cf69c6ad069f7191 |
| SHA512 | bc24bb8b3b92f04a7dcd1db0790fce39dc578b11b02b3e8cd231a5b1b207c39e33859a89ae76f8d6efd4c925e1c29ed110b8cd17e4bd2c9f2c8e7a8b1d087523 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 27a140c524b0b770f1e487abbce6e571 |
| SHA1 | d907f645e1ad2cfbb5121016e3621ac83eb176b1 |
| SHA256 | 27a02b1a9f260c04152460d850fdb2f44688c005db90ced102f79e22558becdc |
| SHA512 | f5dade63127989f5fc6ee726e1412617ff982f991aa4941a6fb00343cd4fca20ae1ae2accf36fd66a59dc66628b0097467135d545a025ee91f2c76dd90a1a131 |