Analysis Overview
SHA256
16e2718fdf1c4426590b2a69057e32e92da412caed8cacf9c1c0bde640cba81f
Threat Level: No (potentially) malicious behavior was detected
The file a39b23aa80742cc69220633a349140fa_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:58
Reported
2024-06-13 03:00
Platform
win7-20240221-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C809EF31-2930-11EF-8FBA-CEEE273A2359} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424409364" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1876 wrote to memory of 2160 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2160 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2160 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2160 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39b23aa80742cc69220633a349140fa_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | fonet.si | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| SI | 212.85.188.100:80 | fonet.si | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1354.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab1440.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1464.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45b5b3bd8f8499e1344291aafc1de992 |
| SHA1 | bfac2dba126c2bf0228af296bb2fa6818ec9828d |
| SHA256 | 5467115effe5fb767cd62ec8936a047ad3704c2e0f4caf359fabd9ab6cdab0fa |
| SHA512 | a57e58d57bf352abbdc9722718362a8606eef8566921c460ee1b762c80cd50929e9679419e6958c19045794e644b0214f542c51a26fe90821d4949d63661b4b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09dcb897fabfff8c2c7285ddd22bc2ad |
| SHA1 | 52e69161382e34eddaeba342c0df5235a5f13083 |
| SHA256 | e422a12b633fbb5d5fb5ae03c2f7b38d85e25130a83b12d2eed3feafd644f2ea |
| SHA512 | e1b9f759c954c5e767211cb63b313438f99b7fa52e53c8158c03d8eb3a8301e43ea9fab7605c3dd8378817de1aee46428cbe43d0efcef7fa3c95309a4ceee4a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b4b877790702a46bb4d0af6fa56e897 |
| SHA1 | 5b21204dfc05e8898edd25c0d6ed9338d82b06fe |
| SHA256 | deb7475c4658130b772f7642f1e59b71955e52d3e263924ce5872d06698e4682 |
| SHA512 | 12310f1d44b343976a374259bb2d18979e15f83fbd9216052e5440e8ffd8f48cd3ed951083d649451537ed12f3ba1096be57e6b02062da8e10710c838a567cac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d798e099f6ddcb9a7f611938a18f820 |
| SHA1 | 1a7aaa837706429db9c6df2fe4dfd2070f93306c |
| SHA256 | 1f2547850fdc318cc8dd88b1a66df8f76d0c8dd11954a1fdd0a223f8dc14dce4 |
| SHA512 | 63b3827d1267a9ceeb50fde5575bd7005f8bc81bf15ecf3e30ae152a2655bacf64c87656dcef8d8175e79581adfe751431c195965358101e0174b5e923339247 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a66db45b068183a65a2f510bb9255334 |
| SHA1 | 87a28c96777c7de7c8d0ab7ff8313fb0f46bb6e5 |
| SHA256 | f58c9491059f0f443a5c2539e5b94b89452698a02747cf5bdbead18446f7746d |
| SHA512 | f265455e308b31201e39118335b4d21c73e12e1351397d8dd0ac6e81a7e4e73c5e40cd7daceb52fb27e5508ea9a5f0196a284860a88c9e1b164540a635de8e3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ceb88aa9ef34fd0ec3d02165fdc58cdb |
| SHA1 | 1d805b398248e4afa2c3b2a3b716aa8a1505268d |
| SHA256 | 667aa004d288ac0a2bd7091e275ce2e4a3f4a57da0917b42fb349f1aaf82a4bc |
| SHA512 | 36c2842e6f78e6cbfd710eef82403a4a41522d8e17219dd65f4ce9548702e9474112e74d685aa94e61d7c0afc51efe810c360e0dfe6d0caa7643858804ab20cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c367493b87b2e220af4e662d29750902 |
| SHA1 | bfab684c7ba82e7e2079ba4d54f347431c23d56e |
| SHA256 | 2bfa954f2808f870aa1e644a63cdd4e8640825d09980092600620d54f505c4dd |
| SHA512 | 3662e065251411bd4f1c56132a127d2e6f7b4713c7bf970530e9d2ba1c08635111a2ee8a7ce30bf0fd7841342c437b2e7af0176010fffdf1659f2ceeedf87a4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 496cc29ef80719dad75af83b811b07c0 |
| SHA1 | 278e8b7508e60ed83c4f17e7ca5bcb14fae42a9c |
| SHA256 | 8b2a8b99e809758d6943afae68c36f90e8399f997b6c61774ced66d9d2cf14c5 |
| SHA512 | 4b14bbf06dbd2d2cb9f6b6c7cb029fe6ed9eeae21e1cc63daa5e446bba9a075dc668f5d997537dfaf535ccc5fbc90074801d6176a807d55a0ecccd5aabadb335 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef437a691589fc57053c1d882b652df9 |
| SHA1 | 31ae532d2780d443675992ae21e1672e3b2757f8 |
| SHA256 | 2d1f1353577499b4808530c145a376ab66a21f5201f64dca026cdf1bd2f478c6 |
| SHA512 | e5ad2ae80636c0ac05c9ed648536fca773ccd3a6b68f65e2ae9c2dd93e2cf6bb7391ef68e343b128f7c4e0c26b3913755cb641073ea5e0dbb4a74cd37ec96a9f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:58
Reported
2024-06-13 03:00
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39b23aa80742cc69220633a349140fa_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf58f46f8,0x7ffdf58f4708,0x7ffdf58f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8993581255026091414,2320949065434100734,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8993581255026091414,2320949065434100734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8993581255026091414,2320949065434100734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8993581255026091414,2320949065434100734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8993581255026091414,2320949065434100734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8993581255026091414,2320949065434100734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8993581255026091414,2320949065434100734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8993581255026091414,2320949065434100734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8993581255026091414,2320949065434100734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8993581255026091414,2320949065434100734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8993581255026091414,2320949065434100734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8993581255026091414,2320949065434100734,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | fonet.si | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 52.111.229.48:443 | N/A | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_1668_LYVHPDTVZADCIVGR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 83cc61124b3d250a82fb8549e7b02aff |
| SHA1 | 7312f36b1772f8ccf9fc3f687ad9655aca5b7728 |
| SHA256 | 50b6a0aa75e03d33b5e345d9544704cefcda983b11e8e8782dd9b2f1611fa70d |
| SHA512 | 2f4b436447bcf35b718a5d1a0abbd11a4d52e84724e4d5424f72b9dbe7d2ec235aea8757d67e54905fde23f848ba423f44d8f7253a5d319631dd05f63eb970b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cd05f4331f9c7722b18069567358431b |
| SHA1 | 0f77630546ddc93d33cdb9d9c8ca1de6b2f909b0 |
| SHA256 | a923f9fe44077c68d49ebd9fa904d79aacac1ba1bf5cb57ff57d61c3d24617f8 |
| SHA512 | 19002db6e1fc444648ee9d2206857d1560c40b81ecfb2ea6413b19dfe7347da4f967552c9b452159b344e5a40d931db45f5146216d4c31f2b31e2c5ded09cae0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 18d8f33a4ba5c4d95aa9ba2dabcc27f9 |
| SHA1 | cd15466d8a765327a5328d17c50e36276598f882 |
| SHA256 | 7188f229148445b7b178a549a89b49c8e931026b5b9028881478da8c5f7b804a |
| SHA512 | 7a5e4437c80c3e584b0552489d0e1ed363b5cd82eb92095a319b9950e651a953940d7572dce2230a59c36df9f1341d08d8cf3d1e1648a984cfd27d1338f42c10 |