Analysis Overview
SHA256
caa4335b761ff6f3c8f32a2d171efd6ca111867c1ce955c593959e33dbe611bb
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a43034ec71f6255c77ee7df06048128c_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:24
Reported
2024-06-13 06:27
Platform
win7-20240611-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421763" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000b2373a381e2f7c9f15b99b16e305fce6910726ee7cc3879360ab2063d79aeb86000000000e8000000002000020000000c769033c737242638c8784858b5dc0669dd731193abae566bf599562ef3d393020000000951969cc3088d4fb2404b11054b87dac066805a0e059e33e9273760300be3d6a40000000678f7c67e1e896b3c6d7594990be39e2eb542e372dcd1c7497a501c08f1c630dd9bbc7ba6b09bfa1337894833ccf27471b5500e5d3d70af9f11ed73592929f29 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A70B6081-294D-11EF-B477-E6415F422194} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0d28a7c5abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2108 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43034ec71f6255c77ee7df06048128c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cultclassicsmovies.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | malsup.github.io | udp |
| US | 185.199.111.153:80 | malsup.github.io | tcp |
| US | 185.199.111.153:80 | malsup.github.io | tcp |
| GB | 172.217.16.234:80 | ajax.googleapis.com | tcp |
| GB | 172.217.16.234:80 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | wroclaw.paulini.pl | udp |
| US | 34.149.87.45:80 | wroclaw.paulini.pl | tcp |
| US | 34.149.87.45:80 | wroclaw.paulini.pl | tcp |
| US | 34.149.87.45:443 | wroclaw.paulini.pl | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FY3LN490\jquery.min[1].js
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Cab2A6B.tmp
C:\Users\Admin\AppData\Local\Temp\Tar2B0E.tmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:24
Reported
2024-06-13 06:27
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43034ec71f6255c77ee7df06048128c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa72446f8,0x7fffa7244708,0x7fffa7244718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1484,7807788044194886978,10130680509836993140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1484,7807788044194886978,10130680509836993140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1484,7807788044194886978,10130680509836993140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,7807788044194886978,10130680509836993140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,7807788044194886978,10130680509836993140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1484,7807788044194886978,10130680509836993140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1484,7807788044194886978,10130680509836993140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,7807788044194886978,10130680509836993140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,7807788044194886978,10130680509836993140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,7807788044194886978,10130680509836993140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,7807788044194886978,10130680509836993140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1484,7807788044194886978,10130680509836993140,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1316 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | malsup.github.io | udp |
| US | 8.8.8.8:53 | cultclassicsmovies.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | cultclassicsmovies.com | udp |
| US | 8.8.8.8:53 | cultclassicsmovies.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2276_VSZBKPNQALQNIZXJ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT