Analysis Overview
SHA256
5d0c2eeb2f70aed916bf9a88a4097429e16bfc4e86b74b972b67403f89de8741
Threat Level: No (potentially) malicious behavior was detected
The file a43315e393e6b75f5754132ead177b83_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:28
Reported
2024-06-13 06:30
Platform
win7-20240611-en
Max time kernel
121s
Max time network
131s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000000be3f3646403b9209994c7ec56f4fdf0bc17f4d7e1b527b2fc14ab517b10085e000000000e8000000002000020000000fda3b75bdd88fd5bc3df3860011873d32acffe9d5b01c3e7bf4c76342a1c5ccf2000000053306bd809e45f769de78730e29c3b3266bee36053ca8c5bec6db8f449ac7af240000000e446df4cfa133aea30372372def4666ebd98fbf182fb85be50215bd1b30f00837be3379f71f8246e1cef750080bd0fcc21b6ade27d90938b8241ce7c7d5ba02e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7023a0f55abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1D13D691-294E-11EF-A05A-CE80800B5EC6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421962" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1556 wrote to memory of 2308 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1556 wrote to memory of 2308 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1556 wrote to memory of 2308 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1556 wrote to memory of 2308 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43315e393e6b75f5754132ead177b83_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1556 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4BFF.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4C90.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5330fb07ae0ef6277d2de16b94c426c1 |
| SHA1 | 7e7550667c2a20b01e6aa50c5e0b7473de08786b |
| SHA256 | d3ac44534243576540331529d77e8f11c603a9bb81b6454fc4beebbacd35030c |
| SHA512 | 69146b6211c2516b133257e5c40d8970b724773afd1a495366f8569aaae56e4a0c57d9cc1d012cc6afcc8d19d79613f704f9d976893f4146e5896a7b7bd56c33 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a4b2a0518a354bf7ced597a4ffe8adf |
| SHA1 | 50ab34821ce9bb1b25ccf5a8e8f4216576ef6a48 |
| SHA256 | 92371db22f56a09e7a0d10064426e1412a02af0ddcdce65dddb150ef7f0d604f |
| SHA512 | b47dbcf66ca4160f813c246363430587b63792880e5c48c15960df1f7fefa336091282404bba4d0a4ad5a3d7c69079fca2a11a40661735675e391fd12f201410 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 929323d24ea90ff5093509c4243b7d5e |
| SHA1 | c8c7945eca4a737314774f8eee8555fd6b90e83b |
| SHA256 | 1b393af1665ec0c37014b468eeb8e1815a80f5a608c033237e84e89d344649bb |
| SHA512 | 322ea2d40d0ef9986a1045d723ff232fa3ac2705a4f3b76fbfc4283314c875640b5d602a136601c74e7eff127546ecbbd75656a15ae866a0de75bffb2ce15ff0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b8e27effbe9ff5c4103d05a82205bcd |
| SHA1 | eb395a278d165860259c321b275d065203b9e774 |
| SHA256 | 5fd316e4090b70d8ad00de122a4615b5bbdf80aa9acd4b1046af5f51c7165102 |
| SHA512 | e607574f8466c788f10ea4013b9c88eb723549093bf56b115a2f606be470517e308a787100bb51deabc4b54393ef1028de51062855fa1dd889c31d3699ce1409 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e12f88067a42b617c6cc7a87545e5b79 |
| SHA1 | 45b3cc3d5807220f3cb6703323c0efda5a88a238 |
| SHA256 | c0cbb1033260ed86d62282a177340155a3ad3e6987fd4b6363a4e44d1d34c02c |
| SHA512 | 53f50a6a744e3f03600d5e5374be1f69a5bdf63558b4bd81c2c2633611c6c0e4fccc45b9ebca3b395e9f4a6f63f206526c51c7fe9db2de2a2a2b7d22dfc30285 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d06db37c155a5ac210c790ff99803ce |
| SHA1 | b876823b312b3a094cc381613551f2fe378c595c |
| SHA256 | b49d641662d8cdd61685cb3e5be8a7fb684ff5d189a9b4b5c3ca6a26f0b8a0f0 |
| SHA512 | 5644521ebbe1eaa999f3808824c67c2ba663681ec0be3e451e51933928ecfcfc32ca72ee880c32dec2f269e43df8253557f4dfe4d153683b7b2c66c3e6a3bdac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 961f7cb564dba919d5c0d99d7ef8b0b4 |
| SHA1 | fda5b79c7ded72f6f6b043100d64aedbfe8a16f9 |
| SHA256 | 4dbfa9637ccc3c8a1feed708468c18ab0d3a09cdcb575b2cf0fa17409e249e67 |
| SHA512 | 8c8ecc8fad683c43504c208d21704254e29167241ec82e72d7ce8f36440821bd7c10103ac6e89b932cabb3486793cdeb329cd54096aa4e9647ab9f8b46c5cabe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8954eb92621994ffccf7863e783f6ac |
| SHA1 | 0676810a6f87626aacdcdd9862c3fc297fd230b6 |
| SHA256 | d8799e39f8deedaefe436448ff7e0aede88f9dc6dbdd2f6c5f315e0502d37fe0 |
| SHA512 | 8c7bfc8c65268f39b87b4509948fb9c92227951a1d093fe45c25ca2fe43aaa90acbdee366b6dcbdee56abfbfec060a1711d9aa927ce2d953443776de34441406 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 823b972b6babec42472be9a8dbe1c7a5 |
| SHA1 | d2df54446a7f5f4e01b3c08177036f0c1518d6bb |
| SHA256 | 7640d11da408b6f155b8ad164a5ce3609dc57dc99b5fe322315b7e628d48bdb1 |
| SHA512 | a92f92a8611187480c75c7e90f86ae9a9bb3f2135e135c8a24d6ab0e526d0bc55c1d7e0bd8f3b43d00848c3c7dceff3672fb726c1b71ca0f486c434bdacd0240 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af4bb946a5b432a6ef511049adc85264 |
| SHA1 | 71d7bf447d280e189788cb7e0ea1eee57d4a9b64 |
| SHA256 | 65ccb6accd2c3c8b83fa5d1e7d311079d4488af468cc496916d74fa3a4d00b8c |
| SHA512 | 840432df6867e69a6bc654e758b559c7f173df19b47d1fa41568078f5b0b6302a4b2307f8cc0f821d99fea76f03997991b83827ae6c85017259f869c7f480f3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e1124482cf3457717025ae36a5c65f4 |
| SHA1 | bbba0c0cd7a5c1bb4ede6d6efbf68eedaccb3a51 |
| SHA256 | f4530f01622f1c583facfa2e965f4add5d6290d3a4a64fe774e82e6ba3f521dc |
| SHA512 | fce017e10c6e4f718a90994b87c529592f3fa2a1131fcbc1e8a0fbcc2f8d834d5d331a298d5b8d72a1f1753c1d696aa45782dd2cd6ed1b99f46b9d133bee0802 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8e3c4832223fb4bfe665ee12105913a |
| SHA1 | 2af0b7979e791fb522dc8964cd5e570c153b6557 |
| SHA256 | d24cf11464a50125be280c91bce676d89746647759bb1bb563c246baec85869e |
| SHA512 | 311f1142c9e8d450fedb67e973267d874bb0e0f23b58e38b0dca5602ea572ee5ee55d6c3f1fe64926759176752acef1b94ddb2e1e0e3f4eda31cffaa49d356b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d7dea105dd1908d473e3fb727746d70 |
| SHA1 | e48ecea11af7b5d65664eaacce5adfd73142ddc2 |
| SHA256 | c4680f036cbce355b3a4900c37a643000dcdb084780c136a3d273b535b93a5cd |
| SHA512 | 849c82695dd1f8ba5841f2dce5cb7dc19d055a0f05f635b3ce4c8e6f992fd40798a708050f753e62f213b9b306f03faec8811f3ca445bf227d14531c2d814df6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d8b63c1706ec92849cfed298f241c21 |
| SHA1 | 1db388b6e603bbeb61d5976281efa38c033513ba |
| SHA256 | f8563ed10d548709b5115b4fba67184fc5501227bb44696bc3f5fbd97d238aaf |
| SHA512 | 765188e55d894b3122631ed62c8be421a00fe61b491463fd4dade6bb2d0dcc007a2161e832ac9407cbd479771b242a5224f0548e454b3e1ee66eff5a32d4a51b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3443d5e0fde9afe3e313a26c57bcd85 |
| SHA1 | 6cc16a98926754e1820a180fd40e8a7234e1863a |
| SHA256 | 108f0c867b2740808a054e38a0d1db5748c3463c2935ff890d4e49a38fd6a647 |
| SHA512 | bf33f00ecc67f4276ccaf9baafbab560296db41d0bfbd4c6c567f687dc910c87723d6c2d5a9094e8937cf9ed5b24b6d02432c66c81591f7994d82f7f1538fda0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca505ccd369ce4c11c3b34ed42f2c9f6 |
| SHA1 | f7b9ddd63b6f5abb37cc89e958d8e6383cc9d252 |
| SHA256 | 6670ea6ba69d681176471cb5b5baedeb94f144aa7aabcd95f0cb510dba332b10 |
| SHA512 | 80baa3d5067fb3db3a9b7449d52671a9e69d25b7b5d09d14ebdd2d234e0937ba0673741d6871e858ef99382dc34fbdb873bd0af8174fc6e9afc50094c8957faf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e607c4f3db31f7fab60f265d31752d78 |
| SHA1 | a6a7359720bfe3b6c462dc87e6126a36ec28869b |
| SHA256 | f1c4577a95498461d4d02f799963daeea9bf7fc7e2b78bb2bda8cee7e4779768 |
| SHA512 | 897f589e08c76cb30ee927a3cdcb77e35a4f5402b1184340b8cdb9ea4c9e8f9f1b8994865ff283d81888f19c91e06532262172bb6aff12ef719ab38202de1e67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 595c587eb87c24c191dfe902fddf0c08 |
| SHA1 | 46009ad6444c079855dc8cd7f0d82a09bcfd8093 |
| SHA256 | dc9dba9dd115d2113d114a80875420a160a856e4f55ec995423d3f9234a9a09c |
| SHA512 | f5dff039e922699065ab57ba6d94f59f6ecc5792b54053f7166e3b7d3eac0ce1c876b2ba7f9f99c2a4a843287898d56027475278e8294076d4b3789a1997cdd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 085b6a0fe668a0580fd5abf3f60385da |
| SHA1 | 32b8607a17cc666a674391fb8b141930435dd035 |
| SHA256 | 2dfc6007dc3bf7c21cc2ed4c44eac746535dd081ec0d6b4e3fd575bfe88dc4f6 |
| SHA512 | 4819ad2cfe007630a24a4d26b5e9ec5ab2caeab2c96b2c704f4a1da64ee524c2cc35292486e54afe6f0170433a16306bf48da3c52935ff5070b656e02b818b6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96b349c23ebbef014f9496ba69237487 |
| SHA1 | 254ff2ed45ab4c069085117d9f1a441b7b20ff41 |
| SHA256 | 887e9d2c362719f44a9a4c0eb55ddeffc341fa6480f989cf14b70026e66f8851 |
| SHA512 | 33d8e872234339b22077ed610c19f5904e8a5526f9a7233b62ac5f02fddfba32dc80cc2ea2d5e3329d9edd661e966dfdd63eb02441b98611eb896868655fbb69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca2d7dc31e14b3f4d5687fab87f5df24 |
| SHA1 | 4bd4b7c7957da7cd66624373d271b1e565ef2652 |
| SHA256 | 1c800edcc6095edf95b81a96b2e90c4b29f493350fcc7cd5da100de209bd859e |
| SHA512 | c5a2280b4de474b5e8dfbde2dbade18ce4756b16b73de0f0a9a6d010b2f437c9084f37877c403820ae605dc6c5d30ae5007051da8e207a655c93f6cae19e4f1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f079fcbfa21629b96b98199efc9350f4 |
| SHA1 | 88ddebcbc04c03c84bdc4019a3dd4325ac94cab8 |
| SHA256 | 9896499361834db3bf78bc05b867a4550ce7900fb0457a2ddac132275dc63675 |
| SHA512 | 208aaeffd823bbeb1a962dc82049f13509c599efbd8dcca8991e1fe4676405a644e995ef50416bc32a95f4fca2066c4f674272b68e1d6dff0dc7121065dd0b91 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:28
Reported
2024-06-13 06:30
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
131s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43315e393e6b75f5754132ead177b83_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfb5346f8,0x7ffdfb534708,0x7ffdfb534718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,166049506042450379,10389864229085220975,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,166049506042450379,10389864229085220975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,166049506042450379,10389864229085220975,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,166049506042450379,10389864229085220975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,166049506042450379,10389864229085220975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,166049506042450379,10389864229085220975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,166049506042450379,10389864229085220975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,166049506042450379,10389864229085220975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,166049506042450379,10389864229085220975,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,166049506042450379,10389864229085220975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,166049506042450379,10389864229085220975,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,166049506042450379,10389864229085220975,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3160 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| N/A | 224.0.0.251:5353 | | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_3028_GYMPGVUWRZJYMWCU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7edcd907a5a89e7b9ae7d7e05ed21ea3 |
| SHA1 | 18570b21eea96c47af8ee20636e48e8632fe19cf |
| SHA256 | be0b96352dc6b1a428950ca2feec4f221d4779ab3b0609cf936af439f890a4dd |
| SHA512 | 312612a6f34b9273831834bc031231e39f4dbc10a68a941ad5b59169d2202198d2f6a17073ff69861130ea9ea5e98157bc7992c63306aa2b1938f54aed55c470 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c23627437b6f56ec0b46fd0a8cad1b21 |
| SHA1 | 85936eb1b92cce6f0d3c9655ce3604bd01a1f185 |
| SHA256 | edea89f721172a826e3913101feb458e7c2d048180deed83a1e47d664e80da48 |
| SHA512 | 8a963514a5298282d5bb691d33203bc3bbc785593395636a2cbf4490665eb1e41114584a86ee38f07b31d63abbb35c6f93d5cafc1098bc259553d92081c04eac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 003d0da2f20555f3599f4c8d084836b9 |
| SHA1 | 705df7d575758f002e6803c0ab0070ee2f9ce347 |
| SHA256 | f6025b0709fe3ebb27e97230aeb406564cbecbd23db5ff95cbac4a86d9abda9e |
| SHA512 | 5a30f0689b3efc5f9b180bf3f27330f5a996abe84384967340b514f37338888d398ac4aa9669e34f8e2cfaef7eb2cecdcfb47363ad79129cb6d7edbdeb2ea3bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |