Analysis Overview
SHA256
f24e1d55871f07648a409942e364fbc7bcc94b41258604b5919c464ace3a8169
Threat Level: No (potentially) malicious behavior was detected
The file a3e6a5c85e4d05e2bbcfc51a1f68287b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 05:01
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 05:01
Reported
2024-06-13 05:03
Platform
win7-20240221-en
Max time kernel
117s
Max time network
129s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051de281972e1d94fa0a82ca78507bd9400000000020000000000106600000001000020000000ce9344f4a32250ea994ce6157d8324512df809c8c46e9b81092fab8473149313000000000e8000000002000020000000681197513a1c29c7425fd34f2f95a6ee9b5cc9d27adbd454486f58ce450d308c2000000017860c1932e41098088c787b903101db4b214f8d5412f6cb14dfd54cb646e41d40000000078d6c93c0664110375eaa0993e1bf6d8407b35d98538f9b2c388f4424a327c15ce063c1789da003b48f63d650fe8d343ce9025c73ff6b25a84fe03c99f77140 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424416744" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F6514121-2941-11EF-822E-56D57A935C49} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50ceeacc4ebdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 3024 wrote to memory of 1060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 1060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 1060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 1060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3e6a5c85e4d05e2bbcfc51a1f68287b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.dgmagency.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | s.gravatar.com | udp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 192.0.76.3:80 | stats.wp.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 192.0.73.2:80 | s.gravatar.com | tcp |
| US | 192.0.76.3:80 | stats.wp.com | tcp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 192.0.73.2:80 | s.gravatar.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| US | 192.0.73.2:443 | s.gravatar.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| US | 8.8.8.8:53 | www.worldinsurance.com | udp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| US | 199.60.103.226:443 | www.worldinsurance.com | tcp |
| US | 199.60.103.226:443 | www.worldinsurance.com | tcp |
| US | 199.60.103.226:443 | www.worldinsurance.com | tcp |
| US | 199.60.103.226:443 | www.worldinsurance.com | tcp |
| US | 199.60.103.226:443 | www.worldinsurance.com | tcp |
| US | 199.60.103.226:443 | www.worldinsurance.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:80 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| NL | 89.106.200.1:443 | www.dgmagency.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2168.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar218A.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab225E.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2272.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fdcf814f814d0b9b6d3442feb59d59b7 |
| SHA1 | 5c12a3cebecf2e5b08ad63e09af8656db31e687e |
| SHA256 | 0aea43ecb77e416501344763f89f09551fd2db57052cc3a7eedaedef1b9625ca |
| SHA512 | 635c2192ec735e7b14aacff7464e8b20fec0e9cce2441b56c013c1563db7f576ee764fc987425da7892947ce034bdb0f4942f9261db669df8269f869855d2cd8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91fc9950fc8f4c23d2a417af27a15f8e |
| SHA1 | 15fb2d6e2308a4a2ef94138d7e0d20b91d24ecd9 |
| SHA256 | af42383d8cd8656476c3607b105d90fcdb395b302bd7c9dcff0ac79356b2822f |
| SHA512 | 2a8c26e15c22b541dcdc1c6b8058b15814673396d2a84dcaa10a2efddd3aac426546bc35ab46d4b1449b4e33036c984de94332af52a86411dceff6833d05dae6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32e7cd366faebc971d4d2441109274ca |
| SHA1 | 431e2919ef29d9f0cd2dc21f2ca72cd45774b462 |
| SHA256 | d9673d3c213a8f334c42657b8470f03bcf378918ad183f2da6b0f96942dda698 |
| SHA512 | e58b6dc5d73aecbad7088cd2115f9c4b21e632a6e211b2ecf1154530b7216913f629e76b545238c98c47ba41873c33b70e67ef7170cad696e84a4279270b3a33 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bdf87536df4d4703cc138d9c85ef4a68 |
| SHA1 | a0b2d3a7c9846d27abd508f9c7499cb985861575 |
| SHA256 | 40e73c8b8f80f2cdfb63e0f6f6b5db2c0c93a69a33d1f85da4787efabe617a30 |
| SHA512 | c83755ff549cbed7b609898c4c2c731d5566492c4b991a111ab488e86d4e82d360c71c63726b63b16b4fdab9cd2da9837f085918c757ea6efcb83cc0ce38e747 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | d6a7b88a386adc5178eca7314e35a287 |
| SHA1 | 4eb74eb5bc0bbd50d81dd28ed5c82ce5f0aa6b34 |
| SHA256 | ab98fce40ef0160a25a9719b041cf7a9ad9359459caf00b9db17a4c9190b6c9f |
| SHA512 | 138017500f4b5bbf6bc3ad464d2dcbd4c0f9ca6a093bad916fdef0418a60f41338c2c701295f387adb1dec71918a41badad9bb2f97f48e2fb8f5e43fd40b3c9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | 2c7ecdbbb063ea5981f2aabe7fcf9ac2 |
| SHA1 | 5c92e25fa96ac7eb2d432563ce62be6a11dbd232 |
| SHA256 | a6420b0e8db153c246988af7382bb94364fe491631d88ca68f800e83750489c4 |
| SHA512 | 8d7258ae557ce5f5fb98fa4da2f55036df3ebe308392f656a1bc21cf09f0d335ada0b44503fb523b16e8067bc7803f7e20e5e05bdfcc9b4ef970e763975b8c93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_03D1B482EE3032A122274428715A4E19
| MD5 | 4e21f25a0aae60f1d445eb9d7eb57e44 |
| SHA1 | f0cb2fd76cce300b22c70061b898567e0ab1b7a5 |
| SHA256 | 9b603e7b09627477f5a620153fcc841e3518170d62780dd0c63b8a5a07b76580 |
| SHA512 | fb0bb1cc66ef6b50227a1232461bd55c919b1216999c91967167b8e4397438360338f42da0de58b7efb673bc169c59b6d6af805915412d0de5d5fc21d09ef5e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_03D1B482EE3032A122274428715A4E19
| MD5 | 7e16331094533b67c37cb66302bbe687 |
| SHA1 | 7a242cfe486dff8d163c696a8c70d4b3d82d181f |
| SHA256 | 060461e9a9d5e8b7a106b0df94038718f7737bf988136b4afa002a29a7a1f82e |
| SHA512 | d12c5f279390d3d46c7b93bfd4097a741c6a2deb014ec35d897487be2c71172c9f16403fc1d300f64b418df23bc235141f8ef42da2a4ac9c77e6d6cc544b7141 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\2O618ENJ.htm
| MD5 | b8d60ab0425b864cfd7f357ed904c008 |
| SHA1 | 5980df96233dff4e31479efeac13aaf0d0f5bf3b |
| SHA256 | ff148e7ef744f914be0cacfb7c63756948d0143bb3fd957c7aec37a7120b4364 |
| SHA512 | 8fea69dbe73b91f9f85c5b4d85b485ff70e748ccb8bb409bb5456e7bfb6755346a1daf28db4771b083c42941dc0cc24509739c64a233a7c9ebfc4cd754408d3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | d3049f1a4b143f13261e38abab901109 |
| SHA1 | 1810917619ef7b98f40697c12f35a75575665f8f |
| SHA256 | 69df6863aa24aedecf107a7e2e0353d592c52a5905cc2833d824c2298733e9d6 |
| SHA512 | 6af844057e960d6f4165f297891b676492281fc4abdd7346a220b1972124fabe2a9e0f7b3825c9f67c1ed885262cf6fb994c4dcd607c1981005291a240b6e958 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 552c8b8f6f13b1f337e40322a00d75f3 |
| SHA1 | c6d0ab645308f0257662e0623043133d8db88986 |
| SHA256 | ffa947e4b6775d8926838828fb5d567f03212ee1d084458e9bca2515f5ffd462 |
| SHA512 | b4190a6fec3d233a2285f5011b92382ff22e510977831694f19ac3cc9ecae994f18f490f7acfd0e0f20fc05ba3af05bcbc073bb3eb33c5d1aebb34714e85a6e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 78046d00f1135a354017ea84a4aaeee5 |
| SHA1 | 242c7ff5bd062c1e8c1eb23cc498196751b4b3ae |
| SHA256 | a506db26003452379836e90ac9a5c63669487d062eb77a001e08fbcd272fe921 |
| SHA512 | 513aa6feed0bdaf63ecedcbee556fd125f9afe6c037e53930bc9e04112b5f5866c160c1ac1c2abeda4fdce5e42ea03cfc02866913307299e3b77b6161a948877 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6071a0b8fb5b43b11f9ad30434cec06f |
| SHA1 | e4eec8f60fe263b7739e1b58997e060f3129e164 |
| SHA256 | a9792ae45fed3cde5436d62a9589ced1c776b865ac3ea71b5dac89e610213edc |
| SHA512 | 716ca8c3948d0a704ce16e89597a37708c514e4e7b9002a718156b27afab2e8be63d306b2efa40b14bc11de0296db155f6c8a35dd89cdc4d35aadb8d3e1d6b0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 911aa5bc810a5e6d8766122d631685a9 |
| SHA1 | f513507dbe2eb96589c3a8737e2645b1e021040a |
| SHA256 | 1cc823bc813602d303a43efb55e4bd5ca8807da0a98de4062f8bf8a4bf477273 |
| SHA512 | b266b55e25e25646dfa43b17b4b6a71340ae0854f737220891259543ba061b47c6afdab7bf4d9f38ef57f91473d9ae54c865e90544ccb94489b5543c5394d7d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b61ad722fdbe08f3e9c50496ac0c2ae4 |
| SHA1 | 03592f4ad58b6d32fec8ba17114702b7fa60654d |
| SHA256 | 6170a98ea9e9aa7745b6c0ff0455ecd68c4ca1229e2fc4c58c81714b369d6e4b |
| SHA512 | 606a8e0f13bc52632bf6e81575376ed96de7c7f1da7227f54e1e8e7c5d338b8bf7404c00d9bc3913689f849e8a250c204e96fbfd66d9d64ef9214a8598c32a10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c607f74d939d32b650859749eeb48ea5 |
| SHA1 | 9dfd299f0b9394af1369bdf1f21bfe705d50194b |
| SHA256 | 9f6cbd1c8a35d5db2504ea9cdba8acffe5a53f258032a0dd86de2f3d4d17ec7e |
| SHA512 | bad06db3aa162e46d0d463fc097e6e852353b543074d876da943877dba89c34d74449d9f85157fea81faee0dfcf6d003cc7927060013d8d322b2dbd5d0a96983 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c576c31228672d1d06624a462ea29527 |
| SHA1 | e31c14c2958a2d752bb740d3eecb36bfa15e771f |
| SHA256 | 117d1e7ceff7b52ee291298b4772f063b570772c01d2fe3b99e07f06a4322909 |
| SHA512 | 462e9dcaa68e1303816e5b322bc325f17c5dbf74d601dbfb28c49d4d95310772c803a4b18a7c3ffd5bd2d9a53b2ddd49d40f1cefce04ddf8b2e04eb072fed3cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c597f60dc74893755600e19867c4f4b |
| SHA1 | 6fc99fe0c172ca813c1e8c395574441c75b61ae5 |
| SHA256 | 31e3667e1b65ed9c6c98c4ff1845e2a039b4752a8d561cef82f5ddeb502331c9 |
| SHA512 | 80ed53fba71af1ff4965b62bade1bc1b74ec7768a373973bfa29cc5aa48b384cea55fa6e11c9c2c3bb1989715a1d506b8570f15653b9c7ac44aced73c6e8acb1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 110b6f0e701746f17c3c9cd4faee577c |
| SHA1 | 55472a672b1ea618697255b0996061d7af80a846 |
| SHA256 | 62f31b8e1f90c646293fd2064c35803f07ae1e2ce65dba3f88d0ce12f44070a5 |
| SHA512 | dac36d0fca4ca9f283c121cb07abffef00209f1f91c1005b0d631be08ea26527930314bb7caa551d2b745fdc3d2301e762e8c05618fb299acb6a67806823af3c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79b0549155a1b9410ddb638b7294d8b6 |
| SHA1 | 4047c341cf61eb679d14c5e22b89ffa32a621b43 |
| SHA256 | 1836c2692559c96ab5b8e937a5325dc641fb558d2fd4b3cc0528bb770a9ec56f |
| SHA512 | 9a95c3d941e6493a992ed41b640efacc0878c1616a98d8903ddaf89461de192999e41899a18b32060d1cb68e11b8d8c61193f6591dd91f863079f2f5c408daf1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 803a8407f18d22906e6d2ab9b635c50f |
| SHA1 | a7d0b5bad197e7955a2bbbe2936b951affc6671b |
| SHA256 | 37966b0a5aa2f43c124d5a8f4ff0857048c10c4a1aebfe42cfa86d4cd2246db9 |
| SHA512 | 944bbcdfb3ef561da47547629308ad4dd81a475ad626accfe493dfdcc34731f39ddcf866072a066e062e25882695a661d8720b8a0a45c83930e3edce136cb2f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36898819ef6e52e49e592c5f8c86f7ba |
| SHA1 | eec9c42fb4dc8961e3f80b92c792784b03ffa6d8 |
| SHA256 | 93dca207c5b63635a05dbd0e4912f33900b0b21893c646c02925be03bd939180 |
| SHA512 | 6d6ac86d1c845cd8712d9f6437caba1ed7fdc7bf51348feaa4fb45cd5ed3080062b2882fb00092fbaa407e60c276891ad32982626877306377310bd170ad5e93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4dc63662b77bdd65a00689b97f7277f7 |
| SHA1 | b4aaac0020e56cd3d7b03174ba37eb4e2b0fe631 |
| SHA256 | b3f0ef3d2cbd3f03ff5a64b5f66114580f16f759f555004b3fda69625dabf875 |
| SHA512 | 4b7660e5a9ac5fc6d1bb2ae61688e2a38b43209f8f6963d2bef211e166eed13ddeaadbb9869aa53ce939055fe2225930df40dd6e51a0b82a7af0a6a021b41d14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aac97faeffdde7d872ac1b3ffbb7bb3d |
| SHA1 | 83b8ee9c967705b21d8dd69e4e43ee14d358e833 |
| SHA256 | 5a4a6d2476713ce41de01ce8f019d0720f00965fca9ace9739760d07fd653839 |
| SHA512 | 821805aaa4b777fa832c334921cf72fef21ff1a3b105c70ed0e6a65ff48516edd8729cb2c82ecedba3848aa8f3818c32836e018efa403b1cfcd086c83fb0f13d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 1c71625f0bb6a2dea03d368f9960dad2 |
| SHA1 | a30e0ed1418f993d8f52c151a659c8b8d449fa15 |
| SHA256 | f9f443668ab882e55b9cc007056690a4944e02256e4f7aa70ba150fdfc0a9782 |
| SHA512 | 098a931fb446aa5e4a4c397b1a150772dd2fc10845d5a25e5458c4b644f7c61812b268c57e97cceef656ab6607d50056bcb605184a1c3878395b9e3ac4eda73f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ac9c8025d249e7eccce22bc278a579f |
| SHA1 | 9b1ece83ae1c9a7244413ce6d03ab7a8f57486cf |
| SHA256 | 2664a474a23b2ffc6b5d7adb9b71c3b7de29557cdff21a9fe5d59e72c056bb6c |
| SHA512 | 466637efcea5c40f7a25d56a9a323e51102ea16037b9b9c8b3b8b2ab360cfd500a6d5c6523b2bc2f14638ccf59496b00770f67465c9d610056b737dcef58d8ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca359bf323191169311381c827fdaa13 |
| SHA1 | f0bc62659296d49dde79b1c30c81866d820f718e |
| SHA256 | f0b8cb5e24e2188956722c2c0d7b5be8fdf1767d401c0c485b83592e98af2638 |
| SHA512 | 689edb1b13e483b1edafc08a401676f5c4edecca110939e830983be6f6fcae16b23b482abab778b4e384aad474b1e3e559977eb7a5243db95f07503b5b3a3f66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68f45430c70a98594f739b62e5940195 |
| SHA1 | 2d74f522bb2ec7835d3d871958a2e66afa1e89cf |
| SHA256 | 88cdc8154dd9ab13a440041a9cb9d07e62a80df92c319b8339c1befd91b1bc05 |
| SHA512 | eae5232ba0ab3ac58f07072efd4554aae158d626ae4404309f99d6560d8cf3113de88585a0ed70103f709066ed1e707e00243fb94a55a69f1fc58033d6a73178 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40add8638aaac928d72964c9ec017630 |
| SHA1 | 87709010ab8269ef3f879b2f99f73a1d34e7cb37 |
| SHA256 | 086d2cdfb0e4935ab6a09c7f839bdbe57ed57e5ce549d7b90405b9ab864d56c0 |
| SHA512 | 8ffdb71c0d6128d9924d560595d8de66752b7dc427fb53b6162085f3159b49d571be260df2627b9b42ac1a87d8e11b53e18d255d2e08518ae2e26dd7417e5edd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f06e0dbec5f14317cef2cf5c615c00a9 |
| SHA1 | 99558023493430e4e00b366d7d5eb8f69e93358a |
| SHA256 | 0c2878bc4a9f72dbd86e32cdb04aca9e8f22771f310dc5cd690803d0a46e0d1c |
| SHA512 | 1d269b63bba4621e30ab97aecc99f862af918c3b1135884a44886bef445bdbd49053e4c6dfba90ca2cbe74bef6f0b0aa0bbab752fdad81b07571db5e4096e7c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 3d7bc030507b4e0da09e244fa4211b9d |
| SHA1 | 30f6c9441fe3e3ec18aac880421cbc9746ebb959 |
| SHA256 | dea345913aa90e0c925940dc83931b5c269ed3867480a3a87613b94796ef75d7 |
| SHA512 | 25ce30837ab9f6c75b03edc4bafb24016c850cf9683dbe0831dc0c712c0fbed833578127612cb49ab423e22d8c6104b1ad7b534f02d68225852b19d83061cea4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad6193030753b5de64d9977df89740a3 |
| SHA1 | b74f7b4697d054e38ffb1fbe69d28be7765cfe1c |
| SHA256 | 72f9ef92e2430709ffdcab76ded19f68e88dc31179245966a22fb5f3d93e456a |
| SHA512 | 9316be2fa353f314e33a90638580f1858f083a06e574662136f5eb839101790a018f896c750e56eaa7de650578bfbe8fd709a5d6e23d899c2d05dd838a041107 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4cd52911f91300c7a53e45b4ab35d86f |
| SHA1 | 09fa2e316a801662671119dd1ae1a105e5279dcd |
| SHA256 | 485856fe948116c3a7bddff7a78ed7ba5c3feffb1a07c9c2d84d9bd32698c016 |
| SHA512 | 5d2a106cd6d90024100f34c8840b438de3c3f1bf45b89a64dfc4f3442e09f7ff235304ad5c96f83b0684b7b3b5ddcc09c19d20e007b64f48611d4a9292f2faaf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29bfb3bb45345b32eeddf90fa8fa0bb6 |
| SHA1 | 13b5b27c1dc47158440aacc2882fabf68225e96c |
| SHA256 | f5deb4e2fae1b8f0bbee4f54d033637654c35e3e90066af5bfa53ababd584642 |
| SHA512 | 24bce8add80006e985d4ec3376581987b74d3c91faa993a60c1fcbe8b3ab2286e07eafbe7c22cbee4e58b62fef22b83ea1d379f7efe0f7277d22e823a023471d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 05:01
Reported
2024-06-13 05:03
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3e6a5c85e4d05e2bbcfc51a1f68287b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef94246f8,0x7ffef9424708,0x7ffef9424718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11342182380501438198,10955067225595316148,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11342182380501438198,10955067225595316148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11342182380501438198,10955067225595316148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11342182380501438198,10955067225595316148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11342182380501438198,10955067225595316148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11342182380501438198,10955067225595316148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11342182380501438198,10955067225595316148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11342182380501438198,10955067225595316148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11342182380501438198,10955067225595316148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11342182380501438198,10955067225595316148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11342182380501438198,10955067225595316148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11342182380501438198,10955067225595316148,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.livehelpnow.net | udp |
| US | 8.8.8.8:53 | s.gravatar.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | www.dgmagency.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.dgmagency.com | udp |
| US | 8.8.8.8:53 | www.dgmagency.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_3108_IMMKYEVXUGMLHBKQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 77fe1318bb96755e6405e4073d18af02 |
| SHA1 | 62f0a539afd091e823e474f76a237a1427db7ba6 |
| SHA256 | 2bd0382f94c15da4a77642c47daa5deba355161ed3c24e3cd416d4a69e6cd0d0 |
| SHA512 | 8cf2449c02140126fb53fb53b14b8673aa7f794386d0b5e4e12f0c4e9a7b81f01dd01dd74e4cd0e62ae9a18c5d9f95635e91c0dd6c0e38fa34283c712cc83e28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 55264d460134ee46eca29ec8604b7675 |
| SHA1 | 589c505d60b2ef8b0340b8a23bb7fa787ee63ab9 |
| SHA256 | 201aeaa1c2a1637e444717e1bf803daeb71778b61e285721e95510928514dc91 |
| SHA512 | be292620c6b6cc9d4a956695a68273998b3acfbe2ad5a2aaab8e5bd890d9f2a27312abce42c980eb33fe12d8cca18b168642e577913c720a51c621ae42867204 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3ee522b1ec29f28464e6e9ca07bfd92d |
| SHA1 | 88a1bfc08230171d10f9a0c662aca6af132b6ddf |
| SHA256 | 9dfc6231f6a2be7a70c0f39e4fd7d760a35930eb7121817ae2bca55963ef9dde |
| SHA512 | 8cc1b5d436cf703f86908fecc872c01e6f92c80a75bc41356338cb8cfe633da7bbe5cc86577602c847e465b62c45a9f846c06911592f13d5d0d11b1b7fa9bc96 |