Analysis Overview
SHA256
aecad583a8113a2a9527ae379bc1dade42655e8f6438e47a41d54a484f5b4ed0
Threat Level: No (potentially) malicious behavior was detected
The file a3d44fc771bb3bd5ce91d1f956f731e8_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 04:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 04:32
Reported
2024-06-13 04:35
Platform
win7-20240611-en
Max time kernel
136s
Max time network
121s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FCDB40D1-293D-11EF-A5E3-C299D158824A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000001d2eecca3bff69eeabc253b8332fb50ec905d2049e98ad45163ef0c2ff654757000000000e8000000002000020000000feea84a3659b1b5d8c7c87a57b80e0fce0863674ae7ca1d54bc431d159f1c02e200000000b50535b5dbef20776e8db55c68ef6ff3f2c70320e1f58c31d3766ef921442aa40000000d1d92b52aaee24b3ed80c99c0cac2086c5d798c8aa22694a22eaf3997e9604374ec114d42e778330e162169489858ce777759b93eb93d3694a45219b9fcc11a6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000e133e3a461313dff80e7a3f93c4fa6c22594c814f3fa938a94a9a8bb2abccc93000000000e8000000002000020000000d2716991cb7769d1767166aaa905d1adc01f7d6b41ada695b62e3025965769d8900000005e734f938120d3efc83d0d965ffdbfe2df6246483605be90ade3419e7d46938143bf674b96a7704a6139a0d3670dd5116af48b8a27fe8564ed1d20f7a3acd85d2a44b155c84f5f7256be898608d7aa7073915339797a21128ff1fd756edeff524dc2e85ac12e745cb5a60b1f8e67f9e3a7d5810ba53450ea1d2fab6762c81a80013de720993a46867bdd26a146e074f0400000007b7e674a619968aae0498517bc66c4f4c7af89684807cc3c87d34e7253f3fb7d16523194e441149166ade49aa73e8acabf4c6abdbbb8c995053c42ea477c2ac7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20f36f104bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424415036" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2028 wrote to memory of 2940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2028 wrote to memory of 2940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2028 wrote to memory of 2940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2028 wrote to memory of 2940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | web.nba1001.net | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab207D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar211D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 339ce38debf2e6082de8afe989b3eed3 |
| SHA1 | 7235cb3f8fa629b05dccd5d89d6c9fd718528266 |
| SHA256 | d638603aded35b50806824678eab9011fac875a11e6129398582b9a5c0aa82f2 |
| SHA512 | 6405eedfb89dd4f92fe151d64c12757b4ce616dc37e3e0efd8dd35b2aa7b4e3c71659870660c5f7c374332ca66fc5b6d8068948b1d009a24abdf5180834622f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5733c4b70adaf60f2a156e137f6f7f80 |
| SHA1 | f992d99b17f9290be25c8aae9124232b68351693 |
| SHA256 | d4898e49462ffec25ccda8469dae33ded856d1049ccd1e83a9567689b765b61b |
| SHA512 | 37ace590c249d3998da1dfd7608538159ca168f918170673c97be01830f7d85c29fed64bb3c3684bcc73089ebd78c99df9534797e9f9e7712c88d2f1a05c26b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9779d73bf30d9ffe597cdcee0bd582bd |
| SHA1 | ec3410d34d144c5315db9126a4f589a4d14f3676 |
| SHA256 | 8b94d07f8377861e6fe6f8baf8a2a0877594cab229b71415c34fd6773d3cf854 |
| SHA512 | 748a98c3094f2f4697cdac302d4be3251c12db9b4c5cece5b8ab0507553afb14efa758ae48ca018ceee79027ce3431b4857f4e891fb9c9097f2735e15b45b5ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0668f58cf07cc1eddf457387495b58a |
| SHA1 | d2765b5007bf4aabfad32084694fa5435ec45662 |
| SHA256 | a3c42a4d47aab74ebf876776d3731100211951b95bdaa99a46d8bb1f39375b65 |
| SHA512 | 1908c2c255bff576e962944021df5bc99af18b39476e4d0b46ef25054f4406d727bb1406010decb6a9b727e785ca426ac571f95809514781ca710680f742c8e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de1790f41866a9a3b9e23353d9cbaea7 |
| SHA1 | 8864f11476cd74f0503dd2f7a02cdb676c4989f3 |
| SHA256 | 0f03373a95501def325e31bce89cadb210a35aa9ae7d0ec4fd2a0eafe0e42c60 |
| SHA512 | 7d771ffd2a53cf5ff4875cca342d130681fce57aff3af273564a482b1181e0b8a779607e494293804a507b14a90f7855aa7b82667f7f1552a66799caff7f598a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 805d54de938647559e63d94ab5c589a3 |
| SHA1 | 48cf63f44c7ceafa1fe88095077a58aa4ce31b69 |
| SHA256 | d128f3f792d6d81036e33b5692d1ebfe8da8fe3c5edd019e1ce2a4d6c36b8250 |
| SHA512 | 0905d9601b960e342773bc005552ff9d1240853a218343888e9bbfacb04aa5492f3f8c8be5046ce24b8e71640a831d4c91415cba19d05e9eb7ae41d683fa9d47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e66117ccccfe8ed19b3db2a68750d454 |
| SHA1 | bda5643ccdc84c7f075e325c746bcdfcb4199496 |
| SHA256 | 777ed5bf1fe7d5266c3d61e254a6a0b06a5f999be8e4e072a2b0f94f98435b6f |
| SHA512 | 7037ad9b47f4bf6c5acac83e1718cb0db2f1caf55e743e452e7dca5fced8271e4e1a6807717466f6aade691c211a91078e13dab9a4b564eeca3ab38402182892 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8b46daced3b096e9ddc1f8062a4097a |
| SHA1 | a61825b10a2e127a507470f197831bdd65b63e24 |
| SHA256 | 761ae38d3c5cf2fc606d01eed60314109d610c20697912970a9262047495ef92 |
| SHA512 | 94a442c7266826e9d0ac93ebea91c68bcf29c201f39a534f952f37680fe0ef035b7ea686ff61e9da09b589ae3e5237cf1ddec39af21f3b6c84236cdc195c7656 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d8c093d62503c8760bb2342e02dc1a9 |
| SHA1 | 4f2200ed1ea42e6ff5db3cd566fa6c360dace6d6 |
| SHA256 | 6f267fb22e7de0e5957ee729fe5c55808a702116df7e640ec9199d9f96c70ea9 |
| SHA512 | 09969fae77ba077401a1e103b4eee0fba34e4c2c30dd7eeb665339589990968d4dfb8d981b43bf2a6becd8e7ead77c7ae411e390c05cba1f6271eaf7e827bc19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4ca2ca8f7b06f0368bf321280562099 |
| SHA1 | cc5627f21cf75b7c6dc6ed6322586c39609d0a5d |
| SHA256 | 95ef61a1ac3b56c4969fb04f4e2ab66164d4fa751b11e96f2c2e3e66f12fb0f7 |
| SHA512 | cec6154f38b69f5287a72ddd43e7c87d8701547a8e19d8813d176190f3bef6dfac0a5aafdb8e14cd1ebaad26b908450a17ec54d8a74c0fc996385396654a4d20 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f84b567a9f7683d456427af2183e2e68 |
| SHA1 | 370296292fba61e7386a62035aa8420e08ebc711 |
| SHA256 | 64e229eaa82902861b5da744c27b26321d0135aaef53c2d52cf0bf283d992b41 |
| SHA512 | 7fd4b86ab234599fe87ecc8a475ad39b74c6d14c8c107b3828cf6715610054f40f6c8d3a699b2a56d3fe703452b064febb652caeeaf87e04e325b17d26777305 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 312e573bd35ac2b9694527b2d17b7b70 |
| SHA1 | f620c1a3dafbf4b69e134801d5ad2a108a77e5a1 |
| SHA256 | 0730c0334cc3fdc398e479c14a76cdf1fed0e9eda206520dff574aaa900928ef |
| SHA512 | e0aec0f5f1e909c520c14cfc25b012a74592ec55eb87c05a39c18ff9b34db20ae961890f2ea12a1d069efd1c389e3cd807edb620fdb31a2c90cc991758611c77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 955d795445092e5fb5c8b0e9e611c1c7 |
| SHA1 | 7a33245a96fa98590fe9ba2da243c981495a5f11 |
| SHA256 | 3ddfa67055ba668b4fe4aa190b99f90c586b1ec33c262d0a31e3c037603c79a6 |
| SHA512 | b674b953a1afe76bc23b7417aeab33d954837b3b96bfee96fa2ef9781d1bf5048b8913878b44afbd985e87f3a9419f5c74f07e6c56953b45df227dbe63233e61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f64889205233d9d99195125b772fec2 |
| SHA1 | 0a7937d726ed8ac64ed34ed544dbcf3179c82155 |
| SHA256 | 06678cda88c7a8626d03329df39c04bddd2c9a5b0bb00ff4c6f5883ddfde0e08 |
| SHA512 | cabb1f47dc9320af63bfbe8bac22df671bc1fd616d3db94c2a369fe64f3922fdcabbcb7d939f1b5d71f2db9941fec5624651213863a1a1a6bd66450f2cfb2349 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e047b60826846313fe60601ff4ea630 |
| SHA1 | 66977415c20bebf84155025b5b0d0017c642caba |
| SHA256 | 1c1e8b4f3231bcc3aede07b3779b30746023fc0aee40aa3940aa2b2c8aed668f |
| SHA512 | b71f0aad95cc650114940becff1037d9dec56516343481c127d32de5dd8f606b9282e9418d2d49c8bb1ac2e0685c61560af477a8434af94d9b9faa9d7440b5f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a72e08cf193cc82e655fe0c28b4c1a1c |
| SHA1 | bfd0e636e3603d24907204fa797c610c5210b486 |
| SHA256 | 2fe7cdb66060360a60d7a17d5d2b43eb5730878f4200bc4cf20f87d69bf9e2d8 |
| SHA512 | 013bcfc35d57730a752bb81abc012cfe238fc01d98293b735d5953149b2a702d774700ae163ba0ae0797096dec63a8371ce2ec3024233210481e53013db74542 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 524769a8c149861b11d75d015b1a5cd7 |
| SHA1 | 3c953957a9db55b72bd3a1b1745f55b6645d9b13 |
| SHA256 | 8410a9ce0767ecebb959fd15efcd270c626047001608269e83ca38e4109b5e59 |
| SHA512 | 7fde2197ae022a96335eab572e40018c8d2fd5bab40166276bbd2e9aa4aa75ffb929fc198e718ca308f6cb5b4daacf02b16612a7ed2b713337cba3b2d9f50622 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4802978911f8bd10f89fb7cdf9e1c74f |
| SHA1 | a582034499cf1169050e1e674ce5f4f32aa0f8fd |
| SHA256 | 268916bd850294540ca642e6cd5f1aea1666015480790f05c63d045e493764b2 |
| SHA512 | 240aafa7a7d89bbc02a71082a31a2a4ee9c21d84ad90f5b8d8659fff4723c70922e6536c76a6211253c7b5bdecb455d112c0389f5ca20b3cc188095cce353ee1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebc5ec5f533e8547bb961f1589b1a035 |
| SHA1 | 398606bb5b34e46342376cb649cef959dd207535 |
| SHA256 | 88838e717a40398846998192dc81736489f323773848743498a3cd6404bf17a7 |
| SHA512 | a7c3099ce479223dd842af89db5536251851a2c86068f69d7104755768d833850fdec078eb698b33b48565501c1eaf921a618eb9d83bcbd1331ab17e667587a2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 04:32
Reported
2024-06-13 04:35
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4dd946f8,0x7ffd4dd94708,0x7ffd4dd94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4353700247709760266,17613460805171346479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4353700247709760266,17613460805171346479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4353700247709760266,17613460805171346479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4353700247709760266,17613460805171346479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4353700247709760266,17613460805171346479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4353700247709760266,17613460805171346479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4353700247709760266,17613460805171346479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4353700247709760266,17613460805171346479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4353700247709760266,17613460805171346479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4353700247709760266,17613460805171346479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4353700247709760266,17613460805171346479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4353700247709760266,17613460805171346479,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2728 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | web.nba1001.net | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_940_EAZMESSSXHJOZUCE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 75a43af87ac6302143c51ec1616cf36e |
| SHA1 | ebdd51c06bfcb344260791a430834fbec6cdfe9a |
| SHA256 | c12fdfdd2d92c2da47dc1142d35c84c7362b77330806df3c5f157ff0ee481099 |
| SHA512 | 5c21cd5320f0f07f931c2f02895a0dea18d644272b26f0bbee7c144834d60efa7976e4a3c93e2e81d1c505b043ca215cfb308ae5f899aa3298779172343191da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0a398ee15ad1c1175a9875dd094b1ec6 |
| SHA1 | 9f73e18c642d1626b4982f8240689a72c5f47711 |
| SHA256 | 8e312f4ddfa91bcbc1d07f1ec26e77f0a33bd84838754e7764bd022387fcac65 |
| SHA512 | 137c9bd2f9579b0189cb6e34e585e8cc2ab0c6f23256137e1b234cc75870f2650472084e90a8aca3343ce2cea6468483e54103ec42f937fc5024bf18b646f98c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4a7c0f44af377055aad10f86761a4132 |
| SHA1 | 7ee20c8b68d49d8c8b78dce2a5eec57e0ceebe15 |
| SHA256 | 870353fea13050155e47a68978cae6e17d83bee79b65f2cab027d046939fcd3e |
| SHA512 | b354da5bdef8c47019e2c3defdc1370c4c175c0bacd11399082843c5e7ac7543dac08948715a63cbf19ccacd721af936a510030a3e5e4eb1c00f7814be34d2f0 |