Analysis Overview
SHA256
2759d4ceecfaf85480acba9fd585d505f8204e7f18ac3fc0d093ddcc346a6293
Threat Level: No (potentially) malicious behavior was detected
For the file a3b326e8b89bc19511eacb8a35ad032e_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 03:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 03:38
Reported
2024-06-13 03:40
Platform
win7-20240611-en
Max time kernel
143s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b1752c43bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000028838c80999871cbb15543444127b3fab079262f2b24693426f5d0f050e1e1d6000000000e800000000200002000000068f6e4d51157be55623335dc4a24dc89f01c5a511773f836b27241d70f73175b20000000391209cede5f597c7cee695c12bddeea7035ae5c97f76d136d6865b65fa1d4ff400000005ab7e238668debe54114e4fa8ef077bdfc3eafb024bfb88b0c2ab1573b22e5e92734177eb7aefb118219e2317a5b3c91778efae04f04f001a93b560cd609b6f3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{575EFB31-2936-11EF-BEBB-767D26DA5D32} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424411751" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3040 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3040 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3040 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3040 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3b326e8b89bc19511eacb8a35ad032e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | ww1.popularhdmovie.com | udp |
| DE | 185.53.178.54:80 | ww1.popularhdmovie.com | tcp |
| DE | 185.53.178.54:80 | ww1.popularhdmovie.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | dae400c20964c5f7aa97f4beec1806fd |
| SHA1 | c39e96663dc2899c7e1b33001c4c548e0c4d8ce7 |
| SHA256 | 9ac8dbe6e4fcaa06ed26dbbefa1d59c5a16c6556948bd04c780b0fe25ec38d50 |
| SHA512 | 583474f2f47610ad7d3f7878224b2e0e4efefaa19b09b74b37d935c5c4faaac01243115162d9d22c19a258e5bb539590c9ffc0c33e028a78ebfe69ca95b7964b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 326babbba80cbe82eaf076c37b6ba94c |
| SHA1 | 5abf34c8000a678965561bf48cb747bdb35a8dd4 |
| SHA256 | 70563f59f9e4e319fb40a5e9b05342af5e9e5b88a241833044c152deb0cf5a58 |
| SHA512 | 246b21928fa51d8ac7a0f2f75a0a1b829a04b0098d85104208bb6b6bc274b9ee15be73c4ea9929d1064284df4ea2d7d3ee06b5027b1c00e007f71c451ec89778 |
C:\Users\Admin\AppData\Local\Temp\Cab3055.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a19928ba7dbc9e6c5c90c93799d3ed4 |
| SHA1 | e82925bfbd6600c4aaa49f4071b9fa360fb2c3e9 |
| SHA256 | 896ed97063c88011b2bb5a00f503f9db889c4777fffce989f65b5fff1c63b565 |
| SHA512 | 633985b9ee07000611f6546ae54c1ce26fd2f838f425a2be17bd76a4d617135cf63cb124b09bb3e3df6fbc19492176be5fef4aefcf8092229d35153b19127dca |
C:\Users\Admin\AppData\Local\Temp\Tar30F8.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1febe1159573d2d7887e61dd9cb3d44f |
| SHA1 | a75a65864f74abf1cf65d00c31c2f395b6762ccc |
| SHA256 | 29edfd75eb0e940bc9c8d87f1feb77c9369ff4ba47311ca97d74dea3ce0fb702 |
| SHA512 | a42a97738eb4b851d7fcd0721256fe0cbfdcbc56b6d759eec069adeb0d624c9252f34b097ca74f77437807b632a01b8376f66faefc26bdbd8c34e39166beddf5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 433ae3823bfe8ec9ea90219326c0528e |
| SHA1 | 34ea6470303904c0bc29e87b11744d539b53b1d9 |
| SHA256 | f063181961b48e14a5f98c95c77a252d8fe2b719d54fcf4ca7df4cc45c66750c |
| SHA512 | 707a1d5b7faaf653c781509bc049aadd839e5135583af261c0b28497234e19acff39c4120256b3649ab9560aecb243d355316bf1e360a172b4dc89a16739e12e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc2e90a625cb99129ef7b65869db718c |
| SHA1 | 190b5591aa30c804e81ecbe34217b9fb20a68940 |
| SHA256 | 19ea28f6322444dcd6ceec8db6d908f7e5c0b3edd8ea2ef3fc8ecab1dcbf8852 |
| SHA512 | 3f64c7e412d5345c94902f9c9e27ec4b3733a1a0a2360acd838b3ae10b581da32a093884481b894d79032a28c20665605f9e752dfb72b7f4258de7e30c93746f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d6c0656c5ee8b33777737d5506b2577 |
| SHA1 | a4ecf83fd0fcf941639339304dfc112664244803 |
| SHA256 | a4a65498806eacea1afca8ca9ce123f7b43294965ac12ed831c891b77363b731 |
| SHA512 | aaf45c264a65cbd86e7c4450efc5ee24cda72293f11cb07312e16c6a70e237e58abe67b54ec3d78fa5f1e5ac9ad017f34b568df54b26ebff419b64b1c354f873 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0143c3cc8cc54db1850dfc8d9edc10b |
| SHA1 | 15c7609ec819f91e30c761e29cbd5533dd04f750 |
| SHA256 | eeaa41d1b8a6340e631dcfd1603bc695f351190910d66be755a28a45d1d3a50a |
| SHA512 | e605401e8ad1a4781fe4106e6d5fac38a82260b2d8983aba4007be9c6eb7cc897268c045e52f45d690cda072c44f4074def2539ec3811f3bdfb45341f77fa496 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0820158fb8aea93e18ed04137aa1185c |
| SHA1 | 8e59b83e2545baa1b673b7a8e75eb0ea2289b175 |
| SHA256 | c63821d39a0942599fd4f3110540507f107c85a44d2226381352a3a1d4c52880 |
| SHA512 | 832ccb75a918c24183f6bf2b1ee861ae282771337dbbe92b330fab7314dcdbf7714807869c9a4c7e20ee1bd61484b9e04455f260b19ab68be6b0bd7bf5da2971 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98ba2429d5354bba2490236efe700c20 |
| SHA1 | 250103a4e9239464016c89540131f0cc10533b36 |
| SHA256 | 7cc0d2ee79539416906f54692ac45460e30372957f36d4eb0720cb90eb7c0c8f |
| SHA512 | 4dd9b98b0494b87d7aeb2bf75253f005da1cceaf4ab21213ff90936cb7aae62cabd64ef9d1663d5e9fccc972a5e2dc9e9e92daf65e41acfcfaef1bd9f4e5ef6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a634cb95e2ed4efafefc04d912d9b587 |
| SHA1 | a91789e76b7db73d8070e4e6587916c7e8cf3987 |
| SHA256 | ccdbdb5d3c4fb455443598d24ea889ac6b8749348ebec88488871b768d734fab |
| SHA512 | 39b87f358d98529f823a57ad44fd8a9814c8c3a500c2257cf000e0e3c24ba90c193da2581d70e643e041b9fa1cdb3d04d9f29ebde6dbf0c93848a8654111fa7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44fede153f75630624622f798872970d |
| SHA1 | 360bcf668bfacfc918dfc7e1f117f734f4dd50d4 |
| SHA256 | 86615f8d618d65bbe716327a338d6acbca717f39c6911bf5206ef7e8145a48ba |
| SHA512 | 6cf5ff307328aeb1e1ac25460507ea52b93cb6ca738f9ec16aeef71ea908e3f83d5a77689973748d011b4796ef920edbe09db5ae4d5eb29197f374eb0ee654b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f35905bb135599226b8ce5bc281dbf46 |
| SHA1 | 99be4626ea1bcc79377b46b853e105ff456d725f |
| SHA256 | e7f9b0d799d39b2abf93df75bf89cf12f69118ba435ca732ed43c3785cb2e82a |
| SHA512 | a0c8ef858d3773cce1abaefc6abb19bca05205770a30fcf17e0d418096a790dbdb7a8113062f4ce68c414181168c390e81164dd0ad57ad4fc0c0b778e7a2ab24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d04e813313d8d75b6e475d69427d3ed4 |
| SHA1 | 04abfb1ecfde486502e4d3169a51acfb7200e22e |
| SHA256 | 665eecab81bb7a8fd135e9531d09517714c2d0004d63f5ff83515d77a87c31f8 |
| SHA512 | 3770a8cc29b00c0c8417be2624fe6091c5e28654dcfdaf7b2cfd2fd620f1255bf03358548fbd21597fe06b09a65528d6ab19675fb904adfb1f6e8fb0276d0020 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 510ba2b911dc342b4dcaad6ce48724e4 |
| SHA1 | 25bee714633e531800450f0421d5f02c87aa824a |
| SHA256 | 70f40b777d56aeada14d513f13718d259737cac2c33766047c6f11660f243151 |
| SHA512 | 94523baa645d3bc5d2b42cd17e89a2040d77c5aa847efb38fc4e236e727e671ffddce3a982ea3833f194842e3afd5e121b13c4758537030e450b7eef0cffe023 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cfaca2fa9172e21f1d2c5f50ac9ef9b |
| SHA1 | 74950cea3281fba47cec5782b6c16d986e3b718a |
| SHA256 | 823c081479f58e6a69c46e50f0dd8c1fe564e67cb8aeafcfc4d64babbfbeaf75 |
| SHA512 | 14bb76e1bb6fba993c2601437c2772e2fbbad6d8cb9d9ce05726381da1ab4b6f564c1478907449a34310e0ec849fe7d674b31dca531333342ab0971c1c0dc8b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5867274f5fdf50226c24c09bb671e1b6 |
| SHA1 | e346be5f4ef109260aa53b773e9500cfc6e096c1 |
| SHA256 | bfcee94e880e8c316a7e052cd386f7256a54427b99c8e2e0e6aafd8f44f301db |
| SHA512 | da9818a4fb89887303fe40eac6296a4c00bc2ad761c9b0bfd13ff17c3825c2e01f11b9656f96275af754173599a96755dbee8c9b1c4c05454b8c10f05828ccb1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56a359aeec868e20c5dd7da7fa84cec1 |
| SHA1 | afb1e66a2ae68079625a83a3b3fe3856426937a4 |
| SHA256 | 44174fbb1369381d2246ebcb927481b001bdb57a7c540eebf9fd5c943208338c |
| SHA512 | f1a7480e8bdee342b95ef660e265b7a1f2d6307ec657e315b2bb5c58bcd2ef5b9b18ae4786f0897f1027a3a55058075293077f163de9d82a158fd88d39aeb554 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2b0222739dca9ac9efb33797a1670cc |
| SHA1 | dd3366654b23284a5dca0c1b5d1909af6c74a62e |
| SHA256 | 22d4256be9f8e2272cc78d302b7acccfee5765d2611cc1c85a373eb985a48a7b |
| SHA512 | 8159d19e693899c071ba413c019712beeb0ce07366a27e9f761d87ccc81b5fc9b05e7a7ab1063c620c8929e2a657d6d128c371bc539d67f8faad24c175e86829 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5bb20d104e100db54d3de0576a58efc |
| SHA1 | 42445ea763120ee294e09f5b0856127f4030dd10 |
| SHA256 | e3934aec1afa569f5178817fb9a0aef7caec4ee9878352a148aa65df8ef4409a |
| SHA512 | 5a2adec47b09fa225092cf6ae5a780e57e7c3a6faf64d731fcb50dfc0892fd8f06a45e7f95e62ed28fc993716bdf3f22553f3c847f4363de7df9f63881c9693a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52208710071462372a4bdafab0f004aa |
| SHA1 | 0968d2bfd4c25f57e92cd401b8dfd549a95d9c6e |
| SHA256 | 4e65b3b974f11a5e00bccc5060ab7e177d4ac7a3402fb2a567344ed18b4f9513 |
| SHA512 | 0697fface696770bc43a4b3682b906ec159851644b86ec7b319bf6d33906fd68f25e113e435ee0686098228010efe8bbd9ebe704a3dc6a98256e76b7dc66a956 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 03:38
Reported
2024-06-13 03:40
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3b326e8b89bc19511eacb8a35ad032e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd179146f8,0x7ffd17914708,0x7ffd17914718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5000 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_2624_WFFBJVWKTPPDCAQF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1573b01c533a7d530f853f5c14a90221 |
| SHA1 | cbfa9eb1305cb8bcfd3a20824702736831614e59 |
| SHA256 | 1db5bc713413cc594041039c603ace5934508049c3c4b65438309fd481ecd42d |
| SHA512 | 654d9e5ff20a7cc91d899745dbd53938ff593b9afa7868ecb69c8b90f622b526c78061ec663abfa5408ce80d0b3e84565137a7ff3f6928764cfee84ed01fb72d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dece4ee45cba17b42ae8762cf60768aa |
| SHA1 | a20f632093726f3dcbb382fcbca473f86033d061 |
| SHA256 | 7b3cb056e26f2bf0f077ec0da03adb2f42c326b9d00e785e18f27da04de135b3 |
| SHA512 | c273775d2c970b29e56c0f2dacf863251c54ff81926d8dc5596b596af7ae71ad51e39ec273f6379edef487853f0471343ef6d244c24120d3f4cf28070981821f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ea0f50a71079ddc3809068e0b1ccc480 |
| SHA1 | 40db2ee96f709df2a84dee476d357ba21f4baa76 |
| SHA256 | 338ae83aa9bbe5b0de65e6b54d3a53226d1f026f2da2fcb456764ca9762766e5 |
| SHA512 | 3276567ca0bdb69081916bbcae7f81bf960f06c21c4351ee49b3793fa86ddc0668360aa85f121966b96007837bbbba4ae4b2a0e1e84f6de5ba71eeeffb327c83 |