Analysis Overview
SHA256
4bb2863597419454811589b802d4d625fb5f4b1ce6a78e44f1b93444d2c2885d
Threat Level: No (potentially) malicious behavior was detected
The file a3e6e150572af06b3567993a48059a9c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 05:01
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 05:01
Reported
2024-06-13 05:04
Platform
win7-20240611-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000029030735581f818bf4ddabe7a83a0da095ed4468282fb0f66a92c81be363c764000000000e800000000200002000000021bfa029882f34fd277161b8a4e1d64146a3b0278f025c98031c869bc019f1e920000000dcd82fa30cacca7a8f641c71f013696cd3092b3e6fe07d42bb58b70deb37e56440000000628eabef90f379be1cc1ea88d5f06dc43a1ecd32174b633e947ab8ee039188f0e2f74ff6db85584b3f4582275d0be1ffc45efa58d723045ae7555b15c1d4f422 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0841fdd4ebdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424416773" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{082CD171-2942-11EF-A490-4A2B752F9250} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2108 wrote to memory of 2292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 2292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 2292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 2292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3e6e150572af06b3567993a48059a9c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 216.58.204.74:443 | ajax.googleapis.com | tcp |
| GB | 216.58.204.74:443 | ajax.googleapis.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1784b891d9bd1017ba62145a5f00f42 |
| SHA1 | ad251ad9eac21d2624095afdea25c088828d4b3f |
| SHA256 | b19d1ad2f2f74ea052cd92eba55f35e85e194e721342e9633cef3d81087c78fc |
| SHA512 | fe402994431d064d93e08e6fcd96c47c4991c84518db089467daadbcedbe3ad5a1eb32ccebbf5fc05acda4e4b74e0d2507740263d67f248075b2fd77000ab0c1 |
C:\Users\Admin\AppData\Local\Temp\Cab2676.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2677.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7546ea7f8a6a366f5386ba5e40aadbbc |
| SHA1 | c6cc8cd660deda7333e5e082da4469116c638ea8 |
| SHA256 | c6c0a8dc06c266731ef2f4183b1af0af8b7fdaec83170ac1ab30b17277991e37 |
| SHA512 | 969458889cf9acf9e9951b07f1bed1ee883027bb8690b231051200673cfa912bd4adee2604dd97e4ee0f39bb7e565c8cf84185ace2012b6bcc9a320c7a8964d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 075c00a84db10be70decb83fead6ecf8 |
| SHA1 | 527ae05d726928df10f70bac49f15d76bf47afc5 |
| SHA256 | bce64a9f1c48e7a6e3a6dc6c1aef519e86c4fd2e03d04f59b724bbce8cde822f |
| SHA512 | 88f6a38b90b6e9f87bf9fccbcbe63c489709b8537246193079be979f4f49c03d8e5ff7cc96be6447c31648a3cfcaf2dba1c9a2a554008fc474be209ef583ead6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 436eb1627ebc6a4a85db388ff1de40fb |
| SHA1 | 7740f3e484779bdf6d662937b0462128d6789636 |
| SHA256 | 1a64b2b50c2ae22b4409c412cb0c0e4a33d44e8d6b0b12c10f3a364cf6b3c7c2 |
| SHA512 | ec0cfd70e4452a53b0e528eba3c58e4565e094c8bf4ac7e8e6f1199ae05adba5c1229639fccfa4803a6e963b0e4eb6716a621060132ab45094031166800dd436 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 040b3669f8dbe1191524467a63d567c9 |
| SHA1 | cabf7cb317f73a36eb25ff007949e4bfffd79984 |
| SHA256 | f1bf3cd96b80aac3dfc65f06d8c4b479fad5b97e61578f3aff22fef3db9c9ea6 |
| SHA512 | 7583e771be83bb39c4dba3bc1f90a97df903d20fe6ba766457288581acee136fc4482ae79b47a3a3f2567c33f78ef7598a49a76958cb1b0ed4b5571e6549fa61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0329d658b8ab7903168bd186229aa271 |
| SHA1 | b7543cdd52d080bb4f991ec92cceca2f15e906c4 |
| SHA256 | 2d5383e02a6c6076a6bf72f536516265cc7016cfd84604540a51a103704f8934 |
| SHA512 | 0658e1258c792b131d4af6db7d4d7cb82baf6c0fc3be7fa5711a97c0f8819e4cef1ab37179d1fe7c735dda487c0d9e497a85381b19ec5d5d961790927915b38a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4615e88b057acb91d86f672697cce348 |
| SHA1 | b81791590e61c3e5db7caabdb58748cc754cfb34 |
| SHA256 | 1fe25bd656907ebd6d1ef0b5d1e5e113399db4f8d5e8a22d8188350ea0634fc7 |
| SHA512 | 2ea5c01ade6deb6c7fec08a98643d9ea83ea95a2cf3c156aa80c6023c8df0fde010a663f5c9156f34b71cd0e2d818510934f38b471aba82d33d92ec3f4ecbb29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10d4e08e3bcc585da36c2834e67b2a02 |
| SHA1 | 895c62f618aec8cf5ff61f1f873ecc36bdc65593 |
| SHA256 | 803a1b37861351e9165e6807c35d1c9805125bd752d061b01625bd20f76823a7 |
| SHA512 | 7321e451fb947e699667f6246a42ec1112e947d0cfb3d89c1cf7c466ebbce79902b0d0c41eaf5958167bce3ecd33d9393417814f6ce1b3fd624018034d3c0bf0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ec7525336601e90aa3c5c909cd279cb |
| SHA1 | 2304a5eca28ba3233407aae2a496dfd17e786f41 |
| SHA256 | 55d587d72d51467699c666cb048c338eb5b8b2fecc0209e0d6909eacc520735a |
| SHA512 | 118f674a2f45d574a851ded40362694b3919da35a7e886ef86e6c161660537a5caf4956a3bb9596e5f4cee7bfa0cb80aee1c5481aa977c7a69d861dad275b9f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8e9f90552520cfca43ba2d1f5640faa |
| SHA1 | c631954f80eb6f0d453ca499af400790e8c2ce06 |
| SHA256 | 76f2b0f216a36febdea00c560c56b44df024106387ed11197a35280ed0f13d8f |
| SHA512 | 76c75e596a7f899fc48e9da1957c435ce0710115e35c5b1a9cfb101f17663f5610e26bee33c45438f94669fd8254857a758fe88860ace9421aeac2b1b3e60be4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3365b7c6d5f472f9ceec396b5035339 |
| SHA1 | e114bdbf303b0cb8db6286e00c70a8cc462f133b |
| SHA256 | 4cad21cf3e52fc8bd23aa5f8a862e9bb7b395458709a367c180c8efdac25a7d4 |
| SHA512 | e67a423f8cb8fa1b78d6857ff29ea11f11cf3ab6e5cbe4a8e21c8d5cc5d3b8b50bdd51a52b2c99ee4853dbc6e0aba92fa72eb5856356344b843f19d21a8295c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f31137b6566dc2fdef772ed5e26bf26 |
| SHA1 | eacf26a4a887e612c3d75e36f1c17d5bad80c1be |
| SHA256 | 77856ae25159465eb384b93c471da16a114076b77c475e312d928f6dc678a2e0 |
| SHA512 | 455d5632e6729fd3440dbef02116175c9b4691cf168c51229aa0b7f38a240fb67f5b852fcfacca36fbce2d951c7bc49b12b046887dde6ad794b7aa0265a2fe8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f44c23767918d2ad4d2e672a8762092 |
| SHA1 | 98c1f13c50715b2235cb0ba006469251d7d4f2b8 |
| SHA256 | 590d5cc8bbcb0395aaf46dafe1e2dbf341c9b148abc6f5c1b67b06f9d05304c9 |
| SHA512 | 939415f219ef75e23985a00340aabc171faec8aa92f1997f21e711f1145fb62df4fee610992042c0dcd8a303c66e5fe51afbda25a09f666b4fd56148c5fda0f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fed80eca5222afb829a1134cc77a388a |
| SHA1 | 3de5cb565694e9eac9b4ddf4d7cce9b460a1dd9c |
| SHA256 | 6170b4175872c1cebb6ea7fdaac89b803f2c653cd2115a25106c6cf6fb127c6d |
| SHA512 | b8c9074f03220463ed4593d505fbd5baa0deed0a20b0804a7b1eb4f6a7ce40d0769cc0b309ea8ec6581b711d7b4a4a36c02d00ad531f4c79710113aa1c770ab6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92c2ab01a21cbf26275bf9f957a6bc8b |
| SHA1 | dd00c53a405ec9a8b20f4c12de183db903dfb564 |
| SHA256 | e291d2fb6d29e11108f40642bf3fd43cd0bf47b6d91e57dd05153b6ef26288b2 |
| SHA512 | 9e3729fba870cab169752129d7c1e094d93b8d826d5c7f2a4b38c0bc4039f7322c395aa58e0429a6834188e37dcdd7fd95e77490c2ed0680243776a64a9eb3f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3b6f5b985368827890af74046783acc |
| SHA1 | a853e35703ee49f80b517833a1e172f2a758c8b1 |
| SHA256 | 1ec2280e0547ef22ef5508654f596e6a4772cf651d43df08e9a9681f8f87047a |
| SHA512 | 13d1f44f07b68d63e3b0ef663425606154266cfe8cd207ada4fee4d1c72b795059284e247e28dbfe9a4e7d28d8ea96401f377bcbe07d5575f43ab6769abac46a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ec10ba4931b3d6f9ad9ab1c34a9fc12 |
| SHA1 | d024acbd7aa7dbd8cc156b440a931baa986ea9a1 |
| SHA256 | 4c35c5b63a50b86e4431507da9c02e6a95bf5804dc7f823a696e7a707f10fea5 |
| SHA512 | 8b31e2e4196c168fe88ee99886a155f1fe6f2207f4e3a631b92fe0772603d0c512f2cd1efd05082aa60001e2fc5f0ff784b1684a7ed6248997540eab277bf7dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b246f31f94d8aa069bc4df3353d96854 |
| SHA1 | 5d0c03a54b9687381eecb6ccbc6930de516e6451 |
| SHA256 | 6b70284fb6b5fd29a98550870680192b0cce2fc90f29320343688cc3ff4f0bb2 |
| SHA512 | aadec5ac74f2356e3dab12f503261674ebfcf7053c6a54be8e0e9ceb00ac67244e91618e5e61d4fa1fa282e535340d018dfe34255018f18e4205ceea560e0c1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 077098698f390f432a65fe1f69ff2180 |
| SHA1 | 906c687d75d9068cef750e545f2661bae784f9fe |
| SHA256 | c9a7bd7d326f21aef99a55493cb672561ee823c9daf5dd17cb11b480b3f1f9a5 |
| SHA512 | 1082f95365f640832a218884bfa131f68752effda4b41a14da32ef71455ab486e6b6cbc069c45e62390c66c789637ac45976fba7c23236ce11fd8211714cd41e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b736f13a3e6f4ea7bbd7e551f0394e3c |
| SHA1 | 5a680ed994f559c205adb2266adf7e49f133f4fa |
| SHA256 | 2289c60082d0eddd9a187a44a09ecc2232d922f8e9b994e7d1000caf216c5b1b |
| SHA512 | 3cbc1de93be171c74808c77adee641e91bcb7ec8ce4cdb27e9980e1ab02b90d7e50a1087e798035a9d488bbc12ad55b1d54081ec2442e6f7157289438b27cc2b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 05:01
Reported
2024-06-13 05:04
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3e6e150572af06b3567993a48059a9c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xfc,0x108,0x7ffaf64446f8,0x7ffaf6444708,0x7ffaf6444718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,3548217164019237390,14443783469738047272,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,3548217164019237390,14443783469738047272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,3548217164019237390,14443783469738047272,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,3548217164019237390,14443783469738047272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,3548217164019237390,14443783469738047272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,3548217164019237390,14443783469738047272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,3548217164019237390,14443783469738047272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,3548217164019237390,14443783469738047272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,3548217164019237390,14443783469738047272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,3548217164019237390,14443783469738047272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,3548217164019237390,14443783469738047272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,3548217164019237390,14443783469738047272,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3164 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.200.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56067634f68231081c4bd5bdbfcc202f |
| SHA1 | 5582776da6ffc75bb0973840fc3d15598bc09eb1 |
| SHA256 | 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4 |
| SHA512 | c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784 |
\??\pipe\LOCAL\crashpad_4280_KFSKLOGARWAXMITB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 81e892ca5c5683efdf9135fe0f2adb15 |
| SHA1 | 39159b30226d98a465ece1da28dc87088b20ecad |
| SHA256 | 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17 |
| SHA512 | c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 78bdaad23676a1cdc6e87b2f38b313ea |
| SHA1 | b28074e1bbd8efb54528933b75d94b3544e43a2f |
| SHA256 | 10c10a0b450196389e2fe1b81234f36f32170e8c36e2dfa42c704931cf25acde |
| SHA512 | dab3471441570610e257149b4b3b40f8d2bc6db67f18db2d66668f3dd4198f5852be8fba4b47db8df17884f2e507ec79fd6a47110a577375972cfbfb87c2f2f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3e505231815fc8be4386585e72319755 |
| SHA1 | 2840c05719e257bc80152973cbf51c1b4d777438 |
| SHA256 | c644fa3c2518fdf279971b0d60865d03cb49845ba106b3b1aacfc20a72767245 |
| SHA512 | 3d796e2a1e086278d71a78c8ce72c8be677de38cc7e607c8bed41539ea3a7bb5e35664556ba4e38a3daec20387f1cb0d6deb53436e0c6be21f2dd972680e3323 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1c4c7347636ab97a500f1cffe94f858a |
| SHA1 | e3515eb2bebdd3549da335ebd2bd22ac6008c47e |
| SHA256 | 71fe2853fa50166089ca82c402dacf3e2e0d7a7e3e1059ae83c1454cfc593231 |
| SHA512 | bd41762aa0babdfe39cc90055b37d7a6f50d289eaeafffe3b3f8cc3eab188320904ce31f1aff7ca814d6e59e3d7afffc5811b0d86cf475629720d8ba26078e80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2fef06c4ccf36f2fcf13e265b6a2851f |
| SHA1 | 6b1a124d3db47281496d0fe81680e1d19c518c80 |
| SHA256 | c257e89edab859fa5d6aa78150aeea4f259f068d2d909fe4067fc1cdf7396016 |
| SHA512 | 31264add93d04233ac2d4fbb15c99a8d9ad0d8b3e1bdb54c7f306b757e292783d9ae6e54a23096554e97e51236152f6f6a0f05bc2ea39e2f32e142b8102efd4f |