Analysis Overview
SHA256
f0a2836bc76985da3017d4fdf483e07dee8700aa6e55ed05e322db1cb6cc6ce0
Threat Level: No (potentially) malicious behavior was detected
The file a432a6d999a594c62332fb47d1da77e1_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:27
Reported
2024-06-13 06:30
Platform
win7-20240611-en
Max time kernel
122s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{065CD5F1-294E-11EF-8A4F-62EADBC3072C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421926" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured in this report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 702f28df5abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000003c2d44526ca1945b9dfaf4c7af28e302ea60f528e8359a9f951d401988d7abc6000000000e80000000020000200000009c25ae528d399aab5b3bbd5093164cee57f2c814d47b928b5a36e41209e5ce1820000000174b4d2bfe6ec3508f00ed052290f31afc2fdecd2a31d26502e9f5d1a7a5ed0f400000003196e115468bc611eaa321f343ab5782d78673ae77276df330a0ae03e88d9b8938e8690d5f3a22b6ba16501b127066f5ae114941ff5cc57c75cbc6fa75993d07 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2208 wrote to memory of 1716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 1716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 1716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 1716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a432a6d999a594c62332fb47d1da77e1_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabA824.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarA8D3.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b72491c09ea77f95966eff6be6b8effc |
| SHA1 | b9d8173a27c564fbd543c7aac242ea4a0a19a49f |
| SHA256 | 17ddcba838a3ea6dd87f2980f7d549549e47f4da3b91522d5c8d28f6ae10ca81 |
| SHA512 | 4011b894c6a2dc44b8f131cc12c813503debea21dfb5c138eadb68adca0213c1e47f0535ad2ec6155429eb1af318bbadd55358b5e235bc4103006bc756c10f8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6597531d86a32977ae64a33ae733d889 |
| SHA1 | 69751c68c8dceb03b7de86814bea7e289d9a314b |
| SHA256 | 5f1db4dce95d3efd823ad0e1c7f73f866fbcd6b1cac1eb4429e5840baab542f7 |
| SHA512 | ba2b867153f0dff4318fdf0fc5bf718f111c1972000214e84b3b3bec7fafac59d5927723d771a04ea74338aaf66f69bc6066a31da36c2cc8e30ae5c21656c575 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 724b9e8084ef47b9253a99a824de8829 |
| SHA1 | 7ff6dc604e1ea663071016b567bac357dc657e8b |
| SHA256 | fd0da5d1e00c77728564c3f9141b7f589bf11e9d287356adfd8d8f07f0e166a4 |
| SHA512 | 70e207de390ecc5ce6c824204910af01f4767974b72f4a1fd3085ba364d60ce064cdc6d3d36cdb399b378eb306eda875b3e7243b29a41150381d4af4d821ab9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65f523016b5489becac4e60feaec0bd3 |
| SHA1 | d2c425d147ea493fac5f795d629d74871d84a7d8 |
| SHA256 | 71bdd14a79ea6db614de39ac50acd112d8ab686de7a37c0c973b77a43804c04a |
| SHA512 | 606594ae4f907a5756fd24b02699a5cb1a2bcfd436cbca1d2913a950eea585c520f511990b8f6a38737273c44f0cad8dc7a8375bcb3bc033031cb3739c9d3919 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 808c70b1debb3476dd0d1b0fb195b45e |
| SHA1 | 3a38ed5b0a71f1ecea2d241835c6189cac8c1dd3 |
| SHA256 | ae9b821cd59cde7063241b58d20e3106ac601f977ea6146397550764a2f88d93 |
| SHA512 | bb562b3818d6f82eb0ecc9e62f361b7a766c8ff70710bda53bf5997b1aa343cf5e25f8ac0b3d46e137862802bf4ab80ea8651dbda07a91b6010aa011c316e062 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4aaa146e3f0fa1f35d16957711ec6f8e |
| SHA1 | f550fc3577c7fae14fddd04c12571adf89babd90 |
| SHA256 | 6b02e574ac7ab727bcb6c730c54d91db4ad1914a4d853c88c6a71532b54ef6b0 |
| SHA512 | ee7e36c2c5e3eae5e8dec5fa64f9581409583a5f4d80934f388c7ec56f3dc38f6637006ba6e85cd53cc3f70bee1e9e386fb24a6eb95811612a5b865666dabd7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc1313524ce6f4ff16a068423aafd161 |
| SHA1 | 30769802415b0051e292d171c09d2759f008bb8f |
| SHA256 | 33f439f2ad3e57242f5686364cb0d4e5b64a36cd400a73eb186c2c6ab9ae9bb4 |
| SHA512 | adc42d08497027aa95cd4a4549fd2f62697af7fa1226c5741594c729ce309c2d76c33a63874e3203525ce85f79c07fb1b5d63b0e03b2c3521b59ec46047ee0ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 571a9a0692a45792329f5646104de3a9 |
| SHA1 | c370d7062652780c01f89e6e0ee3d9a2b69c0566 |
| SHA256 | 0bad6c67f260db585c96c20a9ae53b03f6933f791d4f0abf97c41a4fda1577e3 |
| SHA512 | 79d5331e520e53b82d4f2ab35e1d86ee52dd8bc70dfc5261ec602552a5b067f9e83623f4ed559770c68a16d2dd7f0377e761e3337bc61f802907bc6fb1fe0a6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a042109af313ba238f85aadc8edc0601 |
| SHA1 | d26237aa3cc85bd6a305c0a6ff33f112808639d0 |
| SHA256 | 7f9d8fcfb96f43161a0099c779b950f5393cc6d25fe04ab211cbd06b9571345a |
| SHA512 | 22dd777cb1d843b3a276d08ba541cbcab78cfad318d8c701f22f36d40e65508fa4ec10f201f27214d96b760fc48bf02eb7c90f2df017f6b8acfa00dca1978f52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba9b26d72e3b401258f58b1f10b3fb5e |
| SHA1 | 57087142d6ba772b7af3ed8b681f2c8049a5a960 |
| SHA256 | 6c43f27e949ea0ed586268273d0bd3a7e09ba4f8c6a4792e4bc51afe24982698 |
| SHA512 | 03025e00fb70c48072dff81ad593b26d5ebccaa7d70205644c5e6a5ec5d72ad3fd5daf7646aa432a4b9d43338fd3cba33ff8db054eb495e52d35605006cd4049 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31757a871dece58ba22da7197302a91c |
| SHA1 | 3f6d9fd53e39dc9018cae95e802cf5355146b3f9 |
| SHA256 | 80df3af0eff74e922e0af94237092ae7a1399d8ccab1bfbbada72ec8b5132281 |
| SHA512 | 0ab34538c181c3688de254ea82bca18d41d05923a58e161545da653a864f6aa5be034157f6fd428a79a14991dbc0b0ee6e432f23e08af3fa9a9308f4b6f500f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03d2ea48ba447f3954a72b211b87352e |
| SHA1 | 09ed16e23fb970b759f1c9581822190f5495c017 |
| SHA256 | 380dc7a980600d569054f4bcd1479e6afba2e95a26d98f27a88853d7aa56c21a |
| SHA512 | 4ffa9776492c3cf85af050faab292b37f59eae44af37d7777712dbcdd4b8483056869ad1e39c90cacde3850b4b4ec1c16d4b156ff94c08c1b845c3193e88fe47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c86796eb2027c62abd916dc9f4a25f23 |
| SHA1 | 8999c9fcb0c80c81bbfbf8f54417ecc9e268348b |
| SHA256 | e1af15548cf3d9f3264f3f531530a42761053f6fe55c31e98c6b6e6a50f21fdd |
| SHA512 | e657286f8177e57cf5f6e88d964e3bd2bbf58eb0d829d2dbc295da320ce8f4f1d93a7953b9ce2b3e79df6b0e2583ae7d9d36cd63d25ac1f3c41bed99f2244cc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab2c71a124d8e075377177db6db8c636 |
| SHA1 | 15f09be12838890144c57c20d6cf4e1cab0029ba |
| SHA256 | f77f6bb2faf6e85625073d8c1fe047bca8c8f0733f4cd28d01ffe95052984c47 |
| SHA512 | bd23a30f0846a5647d16802dc1dc7586928b8c40caa57758026de00b71f3e4184d38a04044fda6e94820e6c73c48c7d5acaadfa1dc236e24d02f982b488b08e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3a52c6a230fb9f81211800cc18e5026 |
| SHA1 | 7bc8791d1ffedeaa86d6bd5646f7ee330139e35c |
| SHA256 | 66a89dbae7346eccde424c06ecf6fb40f7dccb5063c3f8b6ef3044fbdd75f387 |
| SHA512 | 0f9a74403378ff5041221e8aa5619bc034f1a6d5252a62ee4477d9a92fa62d13fced35ef049c112671670a7d9a6d3f96dd47fc6d672278772e0e7b48ce788dac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d277743c206117b2ebefa45a8cbc442 |
| SHA1 | ee58f343a0942ad26198565c7aceec0291c12fb3 |
| SHA256 | 802612768c66d230cf7f5319e40f1eb5dff656d8fb6087b09856a586288f55af |
| SHA512 | f53efef3336e388a0f24a743e76061b1dd6f901af3ad4a5d9ba28dbf977f23eabf69d3cb1a85ba8d0afeb8311ea2e7853b3827d80419945d28ed354dfe1fe71b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47469dbc7fea582c54eb56479d87969b |
| SHA1 | f4501bab2aba402a3e1c2ad5e189ecaf4de88209 |
| SHA256 | 825206d21587cb8f2b02918320098221ba259430ad8bf052524bde9f925b7964 |
| SHA512 | 87508bd1e0b327f2333a006690ffd06947b15ac15301c83dc1f3ffb35aefff158d1159dd2494b6df29e099d06e109ae030b710aaaf1fdc471b64f71c95ccfbbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb8af185d72d4e18f88ec3c0d770b412 |
| SHA1 | 3481dfed00b4edf9ad7d9814edda7e6fe342e75d |
| SHA256 | 97adfeebfd011c338be6f343fca115412808f83c56951536a782b8c20fbf8e5f |
| SHA512 | 54511a5eaaaba56954a661dc8f53c6b622ed68075a169bdf97f1ef41bf92ec3810fadcab7bb39efad4e5b2133fa3240c38b872649444c9fd63617e6962c86f62 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10bc15a8d25faaa1a16bf17d7f9e76f5 |
| SHA1 | 0a1c00aa748260ffeecd46b465b13cfedb995e22 |
| SHA256 | 812f08de1b5e26bf5d583b423d4c77ac73e3476ed4b164a1e2dedcc016b0e51c |
| SHA512 | 5c0bf54c8e5358329462dbdd2f7a6720acade0548937c66f18e7be2da2d8e5cf4a2e72f656e3f7157a14d946efc99d03a7816f48a9cb11c9f2f272558bf1d561 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c42ba69aabb42ba4dd63278e65cca15 |
| SHA1 | 89ff10094bad81fcffafe328432713006cd15813 |
| SHA256 | b382dbffb906de13ec50fa940eb286a33005aa72c0755043dabe165fcb54df02 |
| SHA512 | 50069dab3679bab5e061446d2f01eb3c0e57512f167b95585397cffc226f69e1b1f1fedb69476d8d3ea2081da1c7c1bcbc02fe5a72738785582408cd4ae6a795 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44e6ec2468c3f942bbb2e8f61b94dd20 |
| SHA1 | 9a926b6aa075cf48a2e20ea7ed78b9ae82fc7c0e |
| SHA256 | 01291db0431373496057395fe87bc5a44cc3e5929a975e63b4756d0e2c1413ea |
| SHA512 | 8e19fb828c904163df01e782d28314c3414878e07aad8364bc1c22745157a8aa6a8d195ed5b739bcd8ec31ffd83657b1f17f0c8c219be373e9bd1048d75cdfcd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fededea10d905fee013437a0efcb625 |
| SHA1 | 605a0c7479494ed54f246660c2c1edeb350ac87c |
| SHA256 | a1271e8e38380ae5969ba49d77be0fe34a6c68a16926208a2e67427d97910ac5 |
| SHA512 | fae00ec180b959484297c73957cc207a34fae02426c6d9373b1cf1147ce1ccd6fccf4149bb7353d7768705ccc2b0f5281be58c0242e915da1c461fb246893972 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:27
Reported
2024-06-13 06:30
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a432a6d999a594c62332fb47d1da77e1_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86ae746f8,0x7ff86ae74708,0x7ff86ae74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4795148086707509115,9811771579030927238,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,4795148086707509115,9811771579030927238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,4795148086707509115,9811771579030927238,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4795148086707509115,9811771579030927238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4795148086707509115,9811771579030927238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4795148086707509115,9811771579030927238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4795148086707509115,9811771579030927238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4795148086707509115,9811771579030927238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4795148086707509115,9811771579030927238,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4795148086707509115,9811771579030927238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4795148086707509115,9811771579030927238,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4795148086707509115,9811771579030927238,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3492 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_896_PDQMBWWMMNQSSYJI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d2b6673724405a00ff868249ff9db2c3 |
| SHA1 | 7e32e533953912f736edec3ab0c1ceacbf56d9da |
| SHA256 | c107cf1cda70584dcab64c00432131f8bceb680f90c96c1490675b5bf6cda960 |
| SHA512 | d6b1406cc6f520080bd15363e569e3e0a4241998a5a2984f48a8e5bf206b90d6d5ff5e119be923bd385cce2424871bd0febf158ef85e43f979c4e514eb8c2ef8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 20658e825dbcf8e0f19201e2c1de9ea6 |
| SHA1 | f7faa5bd09caf15d0ba947fd425354775aa1fadf |
| SHA256 | 8d8c167d46bcb66b992efc9c9efd63d6cb568c0659a1d9a62fe54871615804d9 |
| SHA512 | 1d717ac8b21899f8498909411dc3daf4947ef3ec0982b1ea37d7b8d860eb4b70e0608679a08ec9d5445cc7eda05a43dc3d74dcb6c23e4f7600e5fb316917375c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 55a67a7b00356a293e0f7b4f4d97d428 |
| SHA1 | 7bf095f36f93e41afb6e385b535af1eb14e57f31 |
| SHA256 | ce72a77b03861e644f4c86e056988f37ae1b8eb764bb77491483a4f883a63845 |
| SHA512 | ec12fa9c936918c633b514cb4788ac3b63f7c719f5739a9fd25477bd98da9749e75c13b6af170b27c1bc5f3a0ee55f459d3403968b5a661b113f87cccb8b1748 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |