Analysis Overview
SHA256
cb4199d7071fb2349266768715e4475ba7e523af4c81d631e3397944ff796b5b
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a3d64669492512b6c6d95dc701795d07_JaffaCakes118.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 04:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 04:35
Reported
2024-06-13 04:37
Platform
win7-20240611-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{56D7F741-293E-11EF-9520-E681C831DA43} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00ecd02b4bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000375960356e6ee09c9239c0ccbc35a3e5f8edbd0468794ad945bb2976d31ada08000000000e8000000002000020000000864688d653b0eaeaf0126365a140df4cf566287b309e0e84e998ea86e889a738900000004fca39efc490248036237f878ac281c3de4e71c3cf56553f4aa2f9fcd7ae53a34577ecaf7863d7627b0f0c703fa1b2d6b9c89678f7ff34bc9070d9078d5cb7c79621c5fd5813432071d6332e770e29754644e6b786505a6cdffcebab0db908d6882f42fee86e042df7654ee54c69e10119738daeaf6050f0f7ae6ed7846e1ab23a4df939af31a88bed3a76acb77bb31f400000001da01702793df2fc0ea26798ae4ee43000104abb6af56b092083bf7097f58565fbe2694ba97f7a2920e64358efb603a242694140690ae4f2c95e3f42dcf70515 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000092c1a49401ab9188ab7fcda77c0a1b557c3e450b8cfa0e93e25e6d52c87ca5b8000000000e8000000002000020000000555a7e245ee132eeda8c307b08316ee93c51efc59021cccc17fadd942208a5a320000000cdb3f85914297248ff9e3bbbeab6cad8c282214db85006b9687736ffd0846f3c40000000b33790df6d26f3a56832c8df238f20c233fb408420d9433cc6bbbf1d30a157705921a08026f680aea7e721221d6118c35e0f52788542572ec942a260070a90ae | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424415186" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2868 wrote to memory of 2060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d64669492512b6c6d95dc701795d07_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 216.58.212.202:443 | ajax.googleapis.com | tcp |
| GB | 216.58.212.202:443 | ajax.googleapis.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 04:35
Reported
2024-06-13 04:37
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d64669492512b6c6d95dc701795d07_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0b3546f8,0x7ffc0b354708,0x7ffc0b354718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4392 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn2.editmysite.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files