Analysis Overview
SHA256
494fdffaa96af66d75ce817340e76e171808f0459ed72dc88b06ab0fb11bc653
Threat Level: No (potentially) malicious behavior was detected
Verdict for a39a6b1f57b226d884b27e2c9a921300_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:57
Reported
2024-06-13 03:00
Platform
win7-20240220-en
Max time kernel
133s
Max time network
127s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424409324" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B0355161-2930-11EF-9680-DA96D1126947} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000736ac7d963e3648b1ebdcb8da4a0a9000000000020000000000106600000001000020000000d12ba495b23ff00e59dffb075c9ff96043786bf17f0b878d4eb9bbc6bfac327d000000000e800000000200002000000078265c1e48c9859010fa75ef174c11f6ba7ad6de03ccd5b9dc2b29a2508bf92820000000ef2267b67393d3a1d00bed1c1c68a129f0512cd955ad17f6a3de1e854006dce64000000049a96aab0e5a4200510005992be8cc86212b34a4c76bc940795db938afac2d3bc50ae001b52f083a6d198c398202f2a12e7241e2ed0cb579089cd3c1b9b5f375 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e070f8843dbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2604 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2604 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2604 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2604 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39a6b1f57b226d884b27e2c9a921300_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab405D.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar413F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4960943ac973edf74d5175ebfa92b694 |
| SHA1 | 20fb597ffc1e638d99380884776022e7f0e60814 |
| SHA256 | fb20aab8cf405fe4dad324282b3a59b183be6add2ae985cc71b94e458c5ed899 |
| SHA512 | c96e04932fda613d5cdae45a5e2cafe7b573d25651d0b56947d7f820e27625a3b5719ecc68bc1ad34e6f4e4c6b757365e055b92e3422d483b1f7b5b20229d646 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6d19fb6ed61c97c75d77deb98142612 |
| SHA1 | fd5536d81f0371b5763b11551a8ac8f8f2ccc0a5 |
| SHA256 | 8b1c184eb1829595af57957a899f2fd33eaec656a46d0109acd6ac514ccd48c8 |
| SHA512 | 0fdf4dbc681f63037e9a0cde1c40410a2b8900c9f72cba849420c86b43bc6d18b25e856719ad18c9c3f829f9ca84a3b0fa217e62e8ead94e0844d8324b7d8402 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd199989460746dad98f85c7f9aaa2e4 |
| SHA1 | 68991d7fbb0922d4fced3ed1210448b7507e8f12 |
| SHA256 | 62bdacfd3687eb849976b90630bdfb7f31e5d3f67bc9aa1c98fe8db70122d860 |
| SHA512 | 1dc07873faa986530f958f0bac3cfe9ab23bf41b00cdd5ec5be30c17c64d549835dd826e4e6c5e16b262764e4cccc2941fb74ff127e486ff4ce7311ce27fde27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d514577a808121de349d4c0fbdadcd3 |
| SHA1 | 7bf4e6ef980e1f123931e6a1be4ec3a3ba1f13fd |
| SHA256 | 2a8befbe7864418234197470f98e7a397e82475ed439ed3be0dcdb06956401bb |
| SHA512 | 025a0a1fdc7aa53adac83b006b2e82ab98677082a2aff8455fe1678c0fb8b647a79e8b57ddc16fd7f2aebb44b655601340a4309bdc460ce0c965b2fb3efc540b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 159fe8abe0efc68c0731970748bb02a0 |
| SHA1 | e8d31a4547ac95fd2d76c339ac5412bcf991b65a |
| SHA256 | b5b94dff564181b34b0167c2bf6d660ce0bdfd88e3690f288bf731e1832ec8e4 |
| SHA512 | dea4da66713d74e6bc9991a6993033d29fc5515451b01f948e0e9156529de30bf374914907f3cb8019e70786bae79eba4e9008d76033f8a67ebe5011885ce6e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3410511484c5f3dbaeba77e79a86300c |
| SHA1 | e4877c1af0d1f74ade77f34c3fa28cf9191027fe |
| SHA256 | f4ef36a371145170489d6c750bcdd58c83d97467bc5c2e08ecaa0ace634bb17a |
| SHA512 | 6322f471c1f88033bdcd5b6dce9e4d3396afdbf0ba20577d2c94cb651abf615563c06885a987c5ebf7e60fafeb31fa15793311244f1cc9b73ffb7ee51e15d2b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a216b9eaf4dc8ef308bfe07bdffc1b1 |
| SHA1 | 2545bea8e0e7f4a38045eaca15be51793ec819f7 |
| SHA256 | c08c45a2ceeafc4be8b7922f5573c83ac247c0ea1daf9da544fca7cc7835d4aa |
| SHA512 | 696cb4d34990abe7d286af52866686b4d43e7000aabbac942f3618e33111aa60650c51c457202e649a7cb964a018e707c3a96b451879b8173105cd484f8db92d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8497a8d9334e830db4ea5b0e803ea5d1 |
| SHA1 | 988d3852f279ba113ca26ffd69416b2dbb2c1e19 |
| SHA256 | cca62b7b05fcf3080d90ea39354e42fe2108c5f3b1cb61563c7b7998880a778a |
| SHA512 | cc7086adec3c2d31256cc7fc8d0763109cd412ecd66a72c2fcd5974692b559caacf6b9da84fea2eb1238ee98b3f25eea5c331445a72ca39b1be01e91e6fb4b9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 797037a59669906a7b23e014497f7f22 |
| SHA1 | 5750d01804f63288c02c852227de1d03e4a38290 |
| SHA256 | 702481cbf30436e3b76078fd41e8a5ad9765172c09e82b9e5fae2685af06034a |
| SHA512 | 0aed344bf82c71b893912318af16296545b82afb23e9efe6a44ddf074269b8558cd42d0ed02ba6e62e10b38af8331cc58e12cb4fb6ff9016b682814f21ac22ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d69fb15011f1d180482650596b7782c |
| SHA1 | 96ad4dc64e42d7eb27d638f4369bd4331bdd0273 |
| SHA256 | 12740dd07c8594b071f13da0f56547a32aee22611f123f3014da5e8f3ee47d90 |
| SHA512 | 361e280d93151da068dd4e4e73a0f84c6bf292a6fd88aa1a339705cc725e61e523e36344aff9a8d0c9f1cc7373c1d54142d392d15499fdd0ab5c1ab3e2df29d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 676ce2a0c8e2135868e8e727bca18847 |
| SHA1 | 3e6767f075068a13c2649cf84ca731aac6e9cebe |
| SHA256 | 50dce3998d56f7c4437bb6cd62cd43e519bb069813acbe3bbd6c546a9ac591ff |
| SHA512 | 598e982006af3637fc08964c166419bcc5d03213c8675032082d4ed5c3a05548da76343d5bc0a81922a9b0cfa4214418d5a4a3ee4703cb1009ccf4889369a536 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f0015696a7943af80fe671289c10e09 |
| SHA1 | 49f86e4bbc1587cccd51a1e3ed719b876c000751 |
| SHA256 | 8fd3e3cf2e1c72cab2d28859124d23d0cc05a570902905555b2f4960f4217a94 |
| SHA512 | 2c9050f478df54d41ea134311d0ed29d57eaaa8b0e7ad18260a77baa1d1cddf4048acacd7ae517dc14effa40600a7fba56ea1b97c4f6c3cf55bc4252645f0a79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea6edfa3fdb61983e85c31dd4b54852d |
| SHA1 | 8fc4328d32d7838634eea49acb5b1983cb7a7a34 |
| SHA256 | c3d0bef6f0dd1cffa7cc8e74a7a33b38c31b1026e00b8459cb7b15a26a6bfc13 |
| SHA512 | 02f1f736c7a2a56d4c7f206eac3e6e19b01f254b76d4d83a8470b56dc90158cc3a467e81d2bdf5ddc9d6ecf737f5e048204ee9c6e72851ed8f3a908e74dbf116 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da095e1165c9c15ed85a6566ba3bba57 |
| SHA1 | 13cc03d9a47a1f470ebcb1212bdd7ea61f66aa60 |
| SHA256 | 3050cb2247b909e6ae2794858884712588351397ba97793bad1b6b751121fc8c |
| SHA512 | 21b7880b448fb6fb6e5045a5481c5fb64f38e424e9001a161e4ade4f7ab2d219343764945441f2c3d7cbb5d15300e5d472b4d29c7373550ca69d51d9741283ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60525b2490f595c8a1b1580742b1978b |
| SHA1 | d48db758ffca17a34555e8964d964a5f69ef9d99 |
| SHA256 | 66c54730ddb41918c2685c3947700733eac859f614f989371f5882b9ba2de223 |
| SHA512 | 2bd7b21153c680144fd1c9a30a3a030be236f5088b383b05faab9d9b44f1c71e5a0dc1dded97be8f2d3b0e9d59397fda632be0e2a7bc6f379742a26089935492 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1e605c798a2ef49378b79917e87c255 |
| SHA1 | c79371837a161f5a5c175ddb6a6c6e44cc279252 |
| SHA256 | b46b72f5cbbb7fec6cc2fe26e5a82ba17ef691abe67278f672f3686b6574d31b |
| SHA512 | 6f38acc84b3244865479258a275f4e3654b06e55d6e6cc2f4f72a98f4db7318d483ce1c28124efe26874978ff127476e86cb7764ebd61ed54f21d0b4f33226ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cdf3a15696ba476fbec0b02470a19f65 |
| SHA1 | 8362e013e04026b180349149a92182db9880a80d |
| SHA256 | 07db29d234eef0473362e5ac26a1da00e5513c359c10e56bbbaf112deea82eef |
| SHA512 | 6e154bd98a3ada76143b1bf73b0891aadcccdab7d7c56bc85a1e594d75cd0e9a941734b443bfd080bbd8b412155ba14545774ee1d6bf0c0023357ddb613de5f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60d51eb2a601d505196ad87c898e1077 |
| SHA1 | a09ec0c345f060372e333675450fefa94b0272ef |
| SHA256 | ccac548c6786da25943ab1534686a63b6a392235b0abd0d6c0c5b36fd3fdb656 |
| SHA512 | 9c888aed816ba817c484909e596930138ea73dda3f502c6039c8eae86ba138f6ce422c8e075c11c5d338ec7714a768cacb4a06303e229652d7fd5fd4415d778c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa2c5cce6e6cff0bbdc3a1bcb50b042d |
| SHA1 | 60d7eb0f63bbfab1423a4b339b1b6a33048f9291 |
| SHA256 | e73fa4b9c4244b18d164394dffb0468b6a78dbac053e8a54973dc1afbe756aff |
| SHA512 | 5186589e87a5e2a318256f6ec76a2b22d2aab7454c4a8826be497f23d39e858ef2629401c6620e75b76bf97802e98604a1db96887878602e79191245821718d5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:57
Reported
2024-06-13 03:00
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
152s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39a6b1f57b226d884b27e2c9a921300_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba3b46f8,0x7ffeba3b4708,0x7ffeba3b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5122079225571287413,2228832957256318565,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5122079225571287413,2228832957256318565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5122079225571287413,2228832957256318565,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5122079225571287413,2228832957256318565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5122079225571287413,2228832957256318565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5122079225571287413,2228832957256318565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5122079225571287413,2228832957256318565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5122079225571287413,2228832957256318565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5122079225571287413,2228832957256318565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5122079225571287413,2228832957256318565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5122079225571287413,2228832957256318565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5122079225571287413,2228832957256318565,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 216.239.34.178:80 | www.google-analytics.com | tcp |
| US | 76.76.21.22:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.vercel.app | udp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.vercel.app | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.34.239.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.10.44.20.in-addr.arpa | udp |
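Two things a reviewer of this report wants to settle before accepting the "no malicious behavior" verdict: whether the WriteProcessMemory hit in behavioral1 is explained by Internet Explorer's own frame/tab process model (the writer PID 2604 reappears as SCODEF:2604 in the tab process's command line), and which of the network contacts in both runs are attributable to the HTML page itself rather than to the browser or the sandbox host. The script below is an added example, not the sandbox's own tooling; it re-parses rows copied verbatim from the tables above (the constructed sample data is the page's own rows) and applies those two checks. The classification rules for ieonline.microsoft.com, google-analytics and reverse-DNS/mDNS traffic are the author's assumptions, stated in the code.

```python
"""Triage helper for the browser-detonation report above (added example)."""
import re
from collections import OrderedDict

# Rows copied from the behavioral1 "Suspicious use of WriteProcessMemory" table.
WPM_TABLE = r"""
| Description | Indicator | Process | Target |
| PID 2604 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2604 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
"""

# Command lines copied from the behavioral1 "Processes" list.
IE_CMDLINES = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39a6b1f57b226d884b27e2c9a921300_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2',
]

# Network rows copied from behavioral2, plus the ieonline row from behavioral1.
NET_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 216.239.34.178:80 | www.google-analytics.com | tcp |
| US | 76.76.21.22:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.vercel.app | udp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.vercel.app | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 123.10.44.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Assumed classifications (author's assumptions, not from the report).
NOISE_PATTERNS = [
    (re.compile(r"\.in-addr\.arpa$"), "reverse DNS issued by the OS/sandbox, not by the page"),
    (re.compile(r"^ieonline\.microsoft\.com$"), "Internet Explorer's own Microsoft endpoint"),
    (re.compile(r"^www\.google-analytics\.com$"), "third-party analytics beacon, common in benign pages"),
]


def parse_rows(table):
    """Turn a pipe-delimited table (first row = header) into a list of dicts."""
    lines = [l.strip() for l in table.strip().splitlines() if l.strip().startswith("|")]
    cells = lambda l: [c.strip() for c in l.strip("|").split("|")]
    header = cells(lines[0])
    return [dict(zip(header, cells(l))) for l in lines[1:]]


def classify_wpm(rows, cmdlines):
    """Map (writer_pid, target_pid) -> verdict.

    A write from iexplore.exe into an IEXPLORE.EXE process whose command line
    carries SCODEF:<writer_pid> is the IE frame process setting up the tab
    process it just spawned; anything else is left for manual review."""
    scodef_parents = {int(p) for c in cmdlines for p in re.findall(r"SCODEF:(\d+)", c)}
    verdicts = OrderedDict()
    for r in rows:
        m = re.match(r"PID (\d+) wrote to memory of (\d+)", r["Description"])
        if not m:
            continue
        writer, target = map(int, m.groups())
        ie_to_ie = (r["Process"].lower().endswith("iexplore.exe")
                    and r["Target"].lower().endswith("iexplore.exe"))
        if ie_to_ie and writer in scodef_parents:
            verdicts[(writer, target)] = "expected: IE frame process initialising its tab process"
        else:
            verdicts[(writer, target)] = "unexplained: review"
    return verdicts


def triage_network(rows):
    """Split contacts into page-attributable hosts (with their non-resolver
    endpoints) and noise, keyed by host or endpoint with a reason."""
    page, noise = OrderedDict(), OrderedDict()
    for r in rows:
        dom, dst = r["Domain"], r["Destination"]
        if dst.startswith("224.0.0.251:"):
            noise.setdefault(dst, "mDNS multicast from the sandbox host")
            continue
        if dom in ("", "N/A"):
            noise.setdefault(dst, "no hostname recorded")
            continue
        for pat, why in NOISE_PATTERNS:
            if pat.search(dom):
                noise.setdefault(dom, why)
                break
        else:
            page.setdefault(dom, set())
            if not dst.endswith(":53"):        # keep connections, drop resolver hits
                page[dom].add(dst)
    return page, noise


def deployment_labels(hosts):
    """Group hostnames by first DNS label, so that the same label under
    now.sh and vercel.app shows up as one deployment seen via two suffixes."""
    groups = {}
    for h in hosts:
        label, _, suffix = h.partition(".")
        groups.setdefault(label, set()).add(suffix)
    return groups


if __name__ == "__main__":
    for pids, verdict in classify_wpm(parse_rows(WPM_TABLE), IE_CMDLINES).items():
        print("WriteProcessMemory %d -> %d: %s" % (pids + (verdict,)))
    page, noise = triage_network(parse_rows(NET_TABLE))
    print("page-attributable:", {h: sorted(e) for h, e in page.items()})
    print("noise:", dict(noise))
    print("deployments:", deployment_labels(page))
```

On this report the only hosts left after filtering are party-nwvqdtumtz.now.sh and party-nwvqdtumtz.vercel.app, which share one deployment label under two suffixes (consistent with the now.sh name resolving and then the same label being looked up under vercel.app in behavioral2); those two names and their 76.76.21.x:443 endpoints are the indicators worth pivoting on, while the single WriteProcessMemory pair is accounted for by the SCODEF:2604 argument of the tab process.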
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_468_LSVERREPWQDDVWBX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 84c5307667919177cfbed097438804d6 |
| SHA1 | 9d1b1b54597853a9c41abb3146ce64eb0d4fd9ee |
| SHA256 | 7f365d131ff65b582d674ff6657ab153bb6fbb524d51c679b81ef062c2a86f2d |
| SHA512 | 34481725fc55bab01adf2c399cdbeaff72ecfa56ceb0bbd67eaaf46dd553eacbb72005fddd2e9d880f7333c5d52df3976f9cd1a67c479e7cf7d81ee803575a53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cad201be-d878-41be-946c-d90c5505b4ed.tmp
| MD5 | ca9f957caba0c1ae93a69b9e29354cca |
| SHA1 | 9fa207897612e11febdc6d3667a7ceb39a619093 |
| SHA256 | 7dd614176a448c4b8506ae74404e7db283cc55dc84b655cdfc847eda1bb7b274 |
| SHA512 | e4238a01504457bba39e59751e419270f7da56538e53dd601e365d1a55e8bdcf3128d16a31cb92a02195a337d38ab0b4b61ebea1264c2b0f65b7335c6613e94d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 12a84e5c5d67158728f790904c01824d |
| SHA1 | e462783570e65e14b346f0d6574672c4681cc5ce |
| SHA256 | d83fdf27543d98880e602ad6687882ea749319ef7bd4083770c0c0dbc42ddcbb |
| SHA512 | 035566a61091373ecf6f8950c02c90a2d50cdc6db3d5f0fb289a6cf225333485babd330faa59cd8c6f2f79a1b6fc5ec2bd4b3e523a5b6280ccfc96fc1df55478 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 63e94862b42530f86676ad4d8dad984d |
| SHA1 | 3fd2230f79711e641c7d8bc1fc8f6d671319aec8 |
| SHA256 | 02bd271fbf1d8f8cfeb229ec24d7bfb1c261116853c2e66a3f5d0b3536f59a25 |
| SHA512 | 8f57ba1d96f3a97a7867f7eb43efd22baea3a78766fd88e87affcbc1e2e1699de833cbe9d78d22fa784ebf9602bd2006ee315ea13aebbcb79b56ec137c7a5aff |