Analysis Overview
SHA256
90af4e5037eb93aca2203c9b77d7b2105c35d8396896e94de89b8cf3ca75f72e
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a43305292348b46860a6a3ee4ddfef69_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:28
Reported
2024-06-13 06:30
Platform
win7-20240611-en
Max time kernel
117s
Max time network
130s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1A1D5AB1-294E-11EF-A85D-46C1B5BE3FA8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000efd4764b2e800c1f3314cf838c02f852578a5f68a075aebfc016617560a10ef8000000000e800000000200002000000035bcc6e864d84bda88afd1ed4e8e2d0703b55a1d924f658ba46fc1daa33e6f5520000000e2875a77ef2d2006a6ab8e8fac5d6440456c374aa08145fc3990137acb12027740000000a7f6ae6be68a2552d0f2852a3e68de9ef54c57d1c05c0fa9fbbc2fd3ec4543269d4ae075899f017069a74998aee1f42fd46ab10f151e6fd4a0557aa2b986e823 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8074abf25abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421956" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 948 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 948 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 948 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 948 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43305292348b46860a6a3ee4ddfef69_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:948 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:28
Reported
2024-06-13 06:30
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
157s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43305292348b46860a6a3ee4ddfef69_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17544179619586613620,12507089510048390902,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17544179619586613620,12507089510048390902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17544179619586613620,12507089510048390902,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17544179619586613620,12507089510048390902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17544179619586613620,12507089510048390902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17544179619586613620,12507089510048390902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17544179619586613620,12507089510048390902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17544179619586613620,12507089510048390902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17544179619586613620,12507089510048390902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17544179619586613620,12507089510048390902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17544179619586613620,12507089510048390902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17544179619586613620,12507089510048390902,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 23.53.113.159:80 | N/A | tcp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files