Analysis Overview
SHA256
54103a3e515c274b5a5cab19b38e8340978c408bcebf90522342283b34293d17
Threat Level: No (potentially) malicious behavior was detected
The file a42f4376180b5784727399f44c6d5d79_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:23
Reported
2024-06-13 06:26
Platform
win7-20240221-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008f3327645f9147459973ed50c887221300000000020000000000106600000001000020000000ece14e35c03eac6116d1a88f97306b98ce53299f1aa553fec5d9b403a520b4e4000000000e8000000002000020000000728c965fdadcef7ab2282eb10773c500cee9535d8a3d099633194511fc1e6f4a20000000ab8ccb3e483acb69222cb64bd7b03c11dd43620e3a8f8b7d7f09bcf78fd49539400000001a1e50edc99bc8bae3ec6841fc10f4d11866883de45020c96d7abf2c1d85372be35b5b3bde8689f4f8e95b8bf9d649c9f51491f7d82a68a70fede0c6ad2f4353 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008f3327645f9147459973ed50c8872213000000000200000000001066000000010000200000007fc7000f6e67f50af08cc2ce2b87a5f2f06b29161937412e218e88dbcda872ab000000000e8000000002000020000000c6321ce71d7dfa49ee7084ac856338e59b2f18393a37ed5392dde22d7fe9fe4890000000c92ac5fefac8edd1e2c609f4d232f9a4e8af2c89101e333ba953fcc3609d921d463de7657bb44144355c66e6ad3ffff8fdecb92419b6d2a093542c43dc5511bae87e754a2e58431db23ae9fee63f6876a28b18c59c5d6c6970ff0553e81f5a8275df0df8046ebd527c73d7ed6eb3ba12d51bb0b496a5c8f3ea4bcd5b5e80a6ce0c7465320f4e07df1f4f7a5344d154104000000021f18c15139f31862c9cdbe5f31702a2494062c3f9727bc6307e71fb796246482f85eab2a0cb5fdf862d51b3b6b8420015f82c62bcb986a7a14468c9628b70bd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421693" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7CBFC551-294D-11EF-A8CB-6EAD7206CC74} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ea92515abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2344 wrote to memory of 1156 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 1156 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 1156 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 1156 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42f4376180b5784727399f44c6d5d79_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 76.76.21.22:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.22:443 | party-nwvqdtumtz.now.sh | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 76.76.21.22:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.22:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.22:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.22:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.22:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.22:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3621.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec21367f9cdbba6a96cedb308fffddfc |
| SHA1 | 936191b25710f541ebb2b02993d2f06abbbb00d5 |
| SHA256 | 5e4b759bc3a0c2b775a116b3fcaad143a4bb7422a26bd774828a0c92dba9a7a3 |
| SHA512 | 52fada24c28a19ac9f08b069cb509d97c2e828c2b7bf14c4cd89ec9adac5196bdf6bbe6c29d74c5d9ad0fd565ea697aac1d2a2d1634b9c5488586399c353a160 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3702.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd620cd538e3b367708e9675f6ec50ae |
| SHA1 | bf1f00b5eadad2ddc526509a3fee8e18aef13b38 |
| SHA256 | a23097a3554447c9e1ee105ca1e662e806a3a7b04bba0c82e9788061b05533e7 |
| SHA512 | f7d98396bcb4b923d5d4cd935994540d71b2d85883321f76d46997c0d62dd9d2f738c39f3d6f0200049b444f31d3b4b926880bf8cf93254fc6a4ce8c1c136b68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a60590c13b2b995336a9977737f86dff |
| SHA1 | 48e9ec9faa93a56477d13dbfdd3939a849d1a2ea |
| SHA256 | 2d1474dcde165934cfab01b534be9000a6733c6b1a246b01d7fd2c40e2f65388 |
| SHA512 | fdf927158c73c83649188bfe81ea293aa6bec23d9a7b6aa1da87e603af9e2c97d48357c016321d3d4f0e4b3c94ce85fa66c57b34c56fb744edc3d2c7393ec43b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a68f574b4db976f7f8616e5979c78ca |
| SHA1 | 320eb2efbeac27e9834040967cdab9cb74761d12 |
| SHA256 | 19b8865d3a03638171661180e6d58eba613e0715cb4d14e045350641d7317308 |
| SHA512 | 3e9f2dd302ab3712bf1787c3aa59fa86f668ce4fddaa2e3b3ba5f81fd24d19b1404076d5908de7023f18819ace2b18c91d43b4909bffdbc9c1b81ac6e06521bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e58683ed3e466158edfb36f31da14f9 |
| SHA1 | 892cf83db879f9db9658db1be653673f4de3c98d |
| SHA256 | 7cff84ff74f159429450c6112d382fcbf36760236da79bd4890ebe936d1383e0 |
| SHA512 | 0e63b6e337e10bd4b9ecb9dae541030e57d8c6d6fa070555c417a30352da10659debb6b9a8f3ea41e4c02663e87cbad2b0c6be3dbe98ef881550ba03ef70dc9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8e9b0b2964a102eb33b321835477ee5 |
| SHA1 | c49997b3a9591543cb9b49f35927630b9aae9322 |
| SHA256 | 79f53ba48ca982c9393631a39c6b9d1ee802c2f811dd7aaee01394414f7eadd1 |
| SHA512 | eaaf3d22d6911a0fcfb3a1be3b4d6020cac21e1754b6da1084bbad4c425d06967c7c74f460e17a1a48f473a975bb0d2fab65430e3d860c1743c406aa1ead6ce5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59cf6c01a3347c856c8bae782cdb4aee |
| SHA1 | aa13822518bf2b26f6fa875d6518d3c022201dd5 |
| SHA256 | 7a1fc748c44641235c8d7c62ee2b08d6596056e8890037556ee9f7b9f3aaa27f |
| SHA512 | 3a94f1c27e1ee4e9023bf6f9e323369df8d4fbf93f04f446f7482b47972116686f079804d60861960b612ab2684622c1ff71f085b34c4dad0e08cc8a316f27de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91cee16191396a08a2af96de408ba8a2 |
| SHA1 | d2299f516d89cdde18f9a2d7a1e6599456b3b804 |
| SHA256 | db1217f85fddb2180534ca0f5f6aa27e8f2add64fd5b66e8c5b25f26ea722e34 |
| SHA512 | f896afc2130725c3a45ecdface71472038e1e45be0d0b73818c76c256aebc7817a761010dcffb45de6510ae0edb57ed23072aba1bfaace85b43df0043a40cfbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4991f6aa21c3b32fb9d93489bfa9745c |
| SHA1 | f3b5c5ee78cc949fd9b84856c6011742c4430153 |
| SHA256 | ac62880649c35088ac36eb7138508f804359c280ff09b929f2ef5fcdf9e9eae0 |
| SHA512 | c4b5312da382f55b66fbc0bd2669140040a0176967bcedd5fd760fbc5375a001e36b673d9cc838f80fb2552d35d8a169338980a522cfbd2ac36e79030e127eea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab75307d3f5173a3b45ab32fd7d20a28 |
| SHA1 | 0c045bb7670e836799dc81b36637625006b458f2 |
| SHA256 | 6e7f2ee2de16a279e6ff18d7e8bbf896bf706713bd4bef027f43d61af2795761 |
| SHA512 | 83f777c00cc6ab661c2ac5981cc62bb7227a094f1db413d20346df407d6af7de7329c4c107ae569a4caeeefab28bb08418ce6469a7a4d587b3b545ce75c8dd87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e32afc73d00fd7e49925d49ab21d135 |
| SHA1 | ec35cbd24695294c814eced0a92f614ca449474f |
| SHA256 | c68993c883e9e39fcebeae9fd97925bb7ef9467020dfcb758a28aaeea742f6dc |
| SHA512 | 9baaae98401b21b138f86183bb5e7ac08713e4f0989858ccbfbe23e17b94f88076277891c527eca60673b5e6fe329af842c62581c62d86dc4b6bdf2759915d6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4ef84f4a9fd45f454987f191102562f |
| SHA1 | 9b8673428f2bb7c34e5d26494beaeeb04e647a66 |
| SHA256 | 21426feb2e97ecfd0414aff216898378aeea9f6be090b41024eba25788d11037 |
| SHA512 | fa968129dae0f7249cc1d78c9e6c3886e10799d3e19d1e0c69d5bb2973fe0187ab7247df2abe0f3de4e3ef492c5ec06ac6072bffcee7a6ba8ca95021a294bc25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b2b37d98b0d2f140225bad341491620 |
| SHA1 | a3132c2aa87f363b38faebf7b26ec3e8c3d88326 |
| SHA256 | d8746dcc83194bfd2cb0a6770b732d0500b088fa5981ccd941b2d7acc9653fc5 |
| SHA512 | 3bebc3fa2188bcb0fc9da2d21bb6cd926dacda58b28e7e82d5bc5124463a701121399e968a78bfa1a2ecf03bf3dda6c0f6d9f2f325199992ff2686f422f5f0d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4738e0721440667e140ece1bc523a88d |
| SHA1 | f57d667fc09100ef02be9bd74f770c28bf369021 |
| SHA256 | e5099e523c5d17d806b17d2a6a338ff93ad999b6df2449031afc72beb1cbbe25 |
| SHA512 | 153f5a77be82df85425cce2394f66eb92736cb758380f480095f8ddbcdff593b6e30cbf6f299ee89d7baa08ecf67f3b0b3867829fcaba100b6b0e728b0232d37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fa0f0248ab06d75c4460e323dfaefc4 |
| SHA1 | 7886e9bd9a380d6a7fcca169086e7fbbeb9bed4d |
| SHA256 | 657000341c59c6eaa2589b6a5187ba0dc7ff9338f63388f6e00988f202a1a2c4 |
| SHA512 | c5bb34c8a5c5b70fba0fe0439826eb680c21d4631a9b5abd8ea9eb7ccfaf23bef72e463fb10bf00d2ffb882a72bf66a643c53db68a7ec1185bb9724129b9974c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f284f95d8f01bb9a95310c2628961e29 |
| SHA1 | a8522cf0efb4b20b490fcb2065dbce053c8fb50d |
| SHA256 | 929c384dba1ed97dea0f12082b692e0b5d1691829079fc73a32fab94587a32cb |
| SHA512 | 04125f59d827bbc411a68f643cd3aa0df5201d91c42d971f114fdf66e47ad2a63431d95fd10ee3d217c3113874327c118d6731b16ed296d4f693293306843e09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb54adb513dcc4cc42622223680b577c |
| SHA1 | 1e1afd72bddc268825f9b57cf80ab56daa558cc0 |
| SHA256 | c5ba58478eec03ae81c16492b2b71d8e1c41c244b345995ad1ee01e9c18e38f2 |
| SHA512 | ff2621aa094ab3d8847ca25c6ad845d67742e4c6de56e590089b3eb3d17364beb613bd654685a6e4d3f75ef8061791cf0afa8087f26fdc02b1ec7c75d35985d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebb66791dce60abff0eabd3125d3ece4 |
| SHA1 | 9f78ca63b682d3ad27ba12b7ef0e53554122a559 |
| SHA256 | 8bf92273fab77249f21b0645fea4d0b2d5150b364c3a3daaf15fe36462a3957a |
| SHA512 | df07c490f8b2e5c71b39b61cf4ce7fda3965f3329bd5707466aa3d12a0089a0dcf217d6a96fda13b5feaefdc23d1acd88f020805dc1cb95cf4f5bf971aff243b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 902bd9a1a52b54600e115947adb58120 |
| SHA1 | 5b81fa5100880765663f87cc3c097cdfd6bab9bf |
| SHA256 | 6a04b7ffeb1de42e916b8a62d93a17ca2d46299656efe6250627db1cb856f0fe |
| SHA512 | 6ae6aeb6720ad9dd9fd13e7748ba0d3994e107276bb4fbef4b39ca612d9ea54c3876fa586a1deed4c761c582dee5d6e26de2b37ce6fbcc29b28ba169396f4d2b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:23
Reported
2024-06-13 06:26
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
143s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42f4376180b5784727399f44c6d5d79_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82b7446f8,0x7ff82b744708,0x7ff82b744718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3382479710351085289,2956215323422989347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,3382479710351085289,2956215323422989347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,3382479710351085289,2956215323422989347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3382479710351085289,2956215323422989347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3382479710351085289,2956215323422989347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3382479710351085289,2956215323422989347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3382479710351085289,2956215323422989347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3382479710351085289,2956215323422989347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3382479710351085289,2956215323422989347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3382479710351085289,2956215323422989347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3382479710351085289,2956215323422989347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3382479710351085289,2956215323422989347,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 76.76.21.164:443 | party-nwvqdtumtz.now.sh | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.vercel.app | udp |
| US | 76.76.21.9:443 | party-nwvqdtumtz.vercel.app | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.57:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b4a74bc775caf3de7fc9cde3c30ce482 |
| SHA1 | c6ed3161390e5493f71182a6cb98d51c9063775d |
| SHA256 | dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280 |
| SHA512 | 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f |
\??\pipe\LOCAL\crashpad_2416_IVHJNPRTTEEDIQCZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c5abc082d9d9307e797b7e89a2f755f4 |
| SHA1 | 54c442690a8727f1d3453b6452198d3ec4ec13df |
| SHA256 | a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716 |
| SHA512 | ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7b78ae73eb86bde6424dec3694c01d5b |
| SHA1 | 43f563b73cb0c6fc4607ee24cbf4142e496047e4 |
| SHA256 | 2ce0bd5ea73ae4343a850c8ef93aee74b99dae3e2adb3de4352d0770117f739b |
| SHA512 | 858fe6e15ed6c6475b87f48dfb0ff615d2145f1ef2b465d8d4cd7eddbfba0a36d4829772e53953fd3ec3eedc6a400a27a3bdc3916fc48d57fd8b851a2da66b8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 713b36b69ff19ab7e8a66156ed9dca30 |
| SHA1 | a8668dbfff5f5cfb0efac564444996bdd2702e76 |
| SHA256 | f4a9ae24907d5db8e832a16404d04f9e8191cac632937d5b175d4a25c1a47972 |
| SHA512 | f82d8c2a39a0d8f712e1705057730665a41085b978a86cc506a61772e430158f7b77623580f8ef083cdbd57fe801045f0a46729e393d85b4e774a1cb1078c0f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7095ce83561f3e16874425dd9d695768 |
| SHA1 | 459a5a4c1d9cd600bdf9dccd4ebe7588eb0eff67 |
| SHA256 | f6208d073b39ef229c98282eeb6af81b0c17efab36c9b04b17989df2bc1d2f7c |
| SHA512 | bc8c98055470a9c426a76a43115d07c28dd04acf61545c8ebf87a67cdf0158d1238e4ab4d38e1ea63c553ee0b824970e522974eb3d99fbaa51d929cdf558bef2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 63e94862b42530f86676ad4d8dad984d |
| SHA1 | 3fd2230f79711e641c7d8bc1fc8f6d671319aec8 |
| SHA256 | 02bd271fbf1d8f8cfeb229ec24d7bfb1c261116853c2e66a3f5d0b3536f59a25 |
| SHA512 | 8f57ba1d96f3a97a7867f7eb43efd22baea3a78766fd88e87affcbc1e2e1699de833cbe9d78d22fa784ebf9602bd2006ee315ea13aebbcb79b56ec137c7a5aff |