Analysis Overview
SHA256
74fe944cfb45aa2920d4b19c1d4318def83f0663cbbba22d33ce83a5f16a878c
Threat Level: No (potentially) malicious behavior was detected
The file a3ead675e3e431176b41369c8b801712_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 05:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 05:06
Reported
2024-06-13 05:09
Platform
win7-20240611-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424417080" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BF00FCA1-2942-11EF-B98D-FE0070C7CB2B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2436 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2436 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2436 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2436 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3ead675e3e431176b41369c8b801712_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.52z.com | udp |
| US | 8.8.8.8:53 | data.9xiazaiqi.com | udp |
| US | 8.8.8.8:53 | jspassport.ssl.qhimg.com | udp |
| US | 8.8.8.8:53 | tt.emw927.com | udp |
| HR | 65.9.189.16:443 | jspassport.ssl.qhimg.com | tcp |
| US | 72.52.178.23:80 | tt.emw927.com | tcp |
| HR | 65.9.189.16:443 | jspassport.ssl.qhimg.com | tcp |
| US | 72.52.178.23:80 | tt.emw927.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| US | 8.8.8.8:53 | s.ssl.qhres2.com | udp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| HR | 65.9.189.51:443 | s.ssl.qhres2.com | tcp |
| HR | 65.9.189.51:443 | s.ssl.qhres2.com | tcp |
| US | 8.8.8.8:53 | ocsp.crlocsp.cn | udp |
| US | 8.8.8.8:53 | zz.bdstatic.com | udp |
| CN | 58.254.150.48:443 | zz.bdstatic.com | tcp |
| CN | 58.254.150.48:443 | zz.bdstatic.com | tcp |
| US | 101.198.193.5:80 | ocsp.crlocsp.cn | tcp |
| US | 8.8.8.8:53 | crl.crlocsp.cn | udp |
| CN | 180.163.251.149:80 | crl.crlocsp.cn | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 58.254.150.48:443 | zz.bdstatic.com | tcp |
| CN | 58.254.150.48:443 | zz.bdstatic.com | tcp |
| CN | 171.8.167.65:80 | crl.crlocsp.cn | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 101.198.2.196:80 | crl.crlocsp.cn | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 101.198.193.5:80 | crl.crlocsp.cn | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | N/A | tcp |
| CN | 103.215.36.179:443 | N/A | tcp |
| CN | 103.215.36.179:443 | N/A | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5AFE.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar5BBC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7fc3b660d45fa876737ed8126f1f001 |
| SHA1 | 9dcb60128b6b2f4e849aa22d19323d079c906ba1 |
| SHA256 | 3bb0f92592e4cbd2b5a44bd565c9e400660e0ea6bc1c2b2ae23c2ad55938962a |
| SHA512 | 3c48143005c703ca1f8aafba0281ae9958b01692d1455ddfbc61078a09b9531616986ce3fcfc68b20ee7845ecb45dbe82097e78783d695ae9e90a30d36591402 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 858a8f0a3dba1fd1aea3a7da9dc2a8e1 |
| SHA1 | 952ed64c56bec7a18027b43094605acd77228538 |
| SHA256 | 169d661e710d66c94080f7eab971f1b7d473226d6500b70742bf8c5e6cd58c6a |
| SHA512 | 851378afb1dc5c759d6b5e2feb40376af8b14460d013ede08c0ce4b86e3df0ac91b0fc46798a47a645c0b7cc9e4f169297bb8291491df99d7e5a0a845f137bf7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32a2f4b8b174aa854beeb279835b990b |
| SHA1 | 72740c9a1f6e4c275cf0226fed6f496353f7e822 |
| SHA256 | c9de370d51c99c6b14d7db567c328460a87705114e44970d71a1d8a047e4630a |
| SHA512 | a4b690af7a840e5500f558d88c06cecc5616691207a3d3813cdc512b5e976458817b93bc535432657df489655cc17ae5afa3704203426e3f1c2027338579fdf8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40362ac672807d5c84c3c9b9aecb9a02 |
| SHA1 | 91a7a8c318a30ca7be45b49b1f511980eacbef86 |
| SHA256 | 91efc3d1f2dc97e6651a7bf694271ccbb73f7b5742f735d8af447ef94fd7c4b2 |
| SHA512 | a21a8db54929920b9b992de2c2c858b04d555ef593b172b7a1cb8267c4e464aed5fa82d2566df78aa39efe598c0ee3f8569797275f08dc20ba76ef7f370794cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46e1a4e352fc6d8154578618d125c6ce |
| SHA1 | 6434350de33a2fab2547e1b70eb68478518adf24 |
| SHA256 | 0bd1a9055619ee6edc0efcc302968cdcfd769b58512f833c5d4687a186ecc36c |
| SHA512 | c37c8b5446b6733a0f54de61f10ab375efb7950d772658555bdc464be79b2a8362c4d145e57f8e2287b0678045028619091478c4416366ed4e32d098cc967f77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12cf21651b5432f88d6786c2ed4e2b3d |
| SHA1 | e12676d82c8c55cb1fcfd6d5c6db3865052e89f3 |
| SHA256 | e4e15a3b4ee2e1144da9b56a021a63fb7d5cccc7c250ae9e42f1c3075d1e090a |
| SHA512 | 32bc76aafdcc2af66f7276e5e17aa3b0d7bcb3103a07cea11de46ed7df015fbb8acb4be413edcba97ada79b1763f61a0314a63e28261c9ea532c7165da0c5cb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b32046d6ee8944f87f3d147eb4ceff8 |
| SHA1 | 3fcdc58fff183f1140cd34a56129c9677a201667 |
| SHA256 | 11a7d5f9be42dfc49a5256dc43ed5b04611f85a9ccbf6d372a8cf488dadb4d45 |
| SHA512 | 761198ee0106aba15484da9dd57bb99da8a5719a976cf2a42106f2561578e0c7e8f381f7a09d84e5cafb2c569c84c770e8705ea91e54bcbf9ba029ec9db04586 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66615b656b7a62df6b498212aaec9dfd |
| SHA1 | 1649c03a18aab4e3b87220628e43815a0b11e240 |
| SHA256 | 7fee2df9ec8aed68b026b933f304ae67fe8ed5defee89b7b4fea1bc93001f4d0 |
| SHA512 | fd62dfc986abdbe6d9020cf2ef1b4658bec5b0226decd131f550684b5b4aa710f46213ceccf963388933f0855648c4a4ba2e1aa01940211c7f282654dee5712c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc57338751be2232b8794f70f6f1baea |
| SHA1 | 0db9b72ba8155028ec0b30bde3cdab0f0897d1ec |
| SHA256 | ae2344157c71ffe2b398d83826248949c06e850fc64af51073c1c5d1cfacdd75 |
| SHA512 | 56e7f06b51c6e112f6319201d6bb9e20edabac8b9423f684ae368a1490ff777c7ce90b7817186727b2f8d709a98eba38e0172126a22a8035772ce082f4f09112 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00d79c1b9ebb53118c9285e4020a58e5 |
| SHA1 | e3fd0d029cb6c544ca19aed121103957297292d7 |
| SHA256 | 962e23fa5de16fb768cb096c289a2e579f574917111df4ed7d86c895b55ace5f |
| SHA512 | 60c49eb299d0f6b920084dc75d079b6fdf35436c57dbfa401e51b986f5b916ea542a2be7e58fbe9d016464f9db1adb2189c1c5cea9ceac1e416cd9f8ba972428 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb9cdf3c1bf030f4b79d3429aa833eed |
| SHA1 | 17b694a6b129e11fc2599d14c56916c0ad0041ae |
| SHA256 | b3486120f8fd4dd6628e2e318ebeca5bef465c3db55912b27f5b476a1d9d2b61 |
| SHA512 | d99b261ed981d82221c62f68c0678770a27db4372497b6343133623d9a17ab5df6ee8fa019b0e7e214941bf8a935df83dba8d5278ea3bfee29ef7d6c5427245f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c2656d60e6cbc065cbf11ee018530d6 |
| SHA1 | 0f5d6e91814a8e4bffa3c51b2408d28676e850f7 |
| SHA256 | 2a0fc186164c7b3080e47061f23ac7bca3c576f22034fc9ade42b416c7092d27 |
| SHA512 | 2d7de218e9d98613ad7a91c662978d02f13f3910cb34de7f939d6f41f6cb08a2c25ed61c8d869769e4c78006c52804e212295c7c324dc053f420b00b29e19402 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 05:06
Reported
2024-06-13 05:09
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3ead675e3e431176b41369c8b801712_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd510a46f8,0x7ffd510a4708,0x7ffd510a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18227460443614639703,1361285386150751929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,18227460443614639703,1361285386150751929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,18227460443614639703,1361285386150751929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18227460443614639703,1361285386150751929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18227460443614639703,1361285386150751929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18227460443614639703,1361285386150751929,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2812 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | data.9xiazaiqi.com | udp |
| US | 8.8.8.8:53 | img.52z.com | udp |
| US | 8.8.8.8:53 | jspassport.ssl.qhimg.com | udp |
| US | 8.8.8.8:53 | tt.emw927.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| US | 72.52.178.23:80 | tt.emw927.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 72.52.178.23:80 | tt.emw927.com | tcp |
| CN | 14.215.182.140:445 | hm.baidu.com | tcp |
| HR | 65.9.189.16:443 | jspassport.ssl.qhimg.com | tcp |
| US | 8.8.8.8:53 | ww1.emw927.com | udp |
| US | 8.8.8.8:53 | 23.178.52.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.189.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.ssl.qhres2.com | udp |
| DE | 64.190.63.136:80 | ww1.emw927.com | tcp |
| CN | 14.215.183.79:445 | hm.baidu.com | tcp |
| CN | 111.45.3.198:445 | hm.baidu.com | tcp |
| CN | 111.45.11.83:445 | hm.baidu.com | tcp |
| CN | 183.240.98.228:445 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 136.63.190.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| HR | 65.9.189.22:443 | s.ssl.qhres2.com | tcp |
| US | 8.8.8.8:53 | zz.bdstatic.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 58.254.150.48:443 | zz.bdstatic.com | tcp |
| US | 8.8.8.8:53 | 22.189.9.65.in-addr.arpa | udp |
| CN | 58.254.150.48:443 | zz.bdstatic.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| US | 8.8.8.8:53 | s.360.cn | udp |
| CN | 171.8.167.90:445 | s.360.cn | tcp |
| CN | 171.13.14.66:445 | s.360.cn | tcp |
| CN | 171.8.167.89:445 | s.360.cn | tcp |
| CN | 101.198.2.147:445 | s.360.cn | tcp |
| US | 8.8.8.8:53 | s.360.cn | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
| CN | 103.215.36.179:443 | img.52z.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_1644_AHHXMARDSCKOYKBC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 194ef5399502321e10542b39353956bc |
| SHA1 | b8ff3ed4a84697cb5a66d10976f10a052b1f0ed7 |
| SHA256 | 86cf17a89550ce425d5d2caaf6bd4e26ae4ace7739f8168cc345e5fdeadef1c7 |
| SHA512 | c43501ee5f8cda083d65c22cc42509fbdf2a914a99d3208693560f9953bf03ebfda5df01957af6ad40315a7e5b8d03213cb385928db45750c7d0669669b76ed5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | eb28ee3e882cc3b8a5ca670c883cd939 |
| SHA1 | 9c1d92e8d671e70b48768010285896b4858e6205 |
| SHA256 | 21814eaf0d11243727327a0fe3b3425958a6b4563f260cab0b3f322592a061fa |
| SHA512 | e4a60e97776fa1fce92f39b488e26102ee2a8140885413ef8187ef2cf120e0e6a1b09bdf22c58a5ef1319236405e464df6b6f40610f99d15b1d33ac90f0bb196 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eb4a1033fd771af8b85b6e7da12dd866 |
| SHA1 | 3b28735b80121aff5c207f13ccf39ecd971b7f9c |
| SHA256 | 1a10b76e7c4b586d37d0cc0efce79ddefe9ffaf90f1863337c860b10a2f28bfd |
| SHA512 | 25fcbf67d6f23855318c0ec136c23cef6c18646e87e44784f648d0b57c4819e476b1743fafad7a7ec0fb8d08cacebf7a8ae48cf5e041cafc109192c908e92f89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 89b056240af807a1278d46f325dc5f62 |
| SHA1 | 1e66dd4c9e030c5d2c23047a085822a372f17887 |
| SHA256 | f5f9f29fbb067a58ba60bebb0f36a61c535a234e45ff52f47f192d2836bac9f7 |
| SHA512 | 109696dba2069f9b711948a93ebb6be8ee851336b14512c613196ca495158e8e53c3ad9bbc07aed6ea037b432f1101492a0e3c761d658f78e6e04d87b2715044 |