Analysis Overview
SHA256
cb438c9d979199f827210beefcd708dd63fe25947321585f3360fe1426caf5d2
Threat Level: No (potentially) malicious behavior was detected
The file a436ae4b6b72b4998135f9695e06cae3_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:31
Reported
2024-06-13 06:33
Platform
win7-20240611-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000083c30583063fb8be88dab0b8274b348f38ac5b1c21af492d701239d32e92bedd000000000e8000000002000020000000d667d79bfd5b62e198fed92056a1491d00cd1895e8abe913f6f81cc10642003f90000000d637dbabea64b9c67db7b8fb1e502959426493341a01a30c6ca4c4f8ffefc5dc777abafd574a71c59c171e46f781528ca71ffb551e3965301a5e2db044a8177160b983ef64a5fdcf50b9fd66ec1d42d64ae96854ff07f5eb04684e57c62783c6fab090ce0b4689b105c336b367a7169d6229585a2a5cfc0e59fbadd2fcde191a62427e281cb6a2ca401686025baf58fe40000000dfbde53595107836d118e9c8a27ca033573dbab4a603719a50c308d747fdddfb0cecc823d6743c5cf2ea7f7c5069e28b37f3b017a56f4bfa6fa3806445028d83 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422138" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{85F7DBC1-294E-11EF-9A0D-7EE57A38E3C7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000056b78b7089a87191116d469e0eaac4fb6b4c62ae5d0e62691ad47b382352b78c000000000e8000000002000020000000fffeb0cc363017f8be185b36f5d1ee02c854952911e82aaa1a70a9b37219cff42000000012158aef1bae3a565d07fcd688b0466ec57222d1923ac55fd8e748bdabea1933400000003659bd0a65deef3b0c4d70e3e54c3a331cd6d7036890f6c0747a6b2feceecc08613aa6f61be4d48dd9257089931096f597ca4c4051049a96261433abde236944 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0351c5b5bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2180 wrote to memory of 2628 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 2628 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 2628 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 2628 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a436ae4b6b72b4998135f9695e06cae3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.modulepush.com | udp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 192.243.59.13:80 | www.modulepush.com | tcp |
| US | 192.243.59.13:80 | www.modulepush.com | tcp |
| US | 8.8.8.8:53 | www.bnserving.com | udp |
| US | 192.243.59.20:80 | www.bnserving.com | tcp |
| US | 192.243.59.20:80 | www.bnserving.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18af57076c826effd18070d63b71ad31 |
| SHA1 | e6d0b7588eb9e11dc163a4d80e880e39334db3a1 |
| SHA256 | 352fd5109b52adfad8595a9b454f8ea539a48adf030cb2848fa08f6deaaf5411 |
| SHA512 | d4868549880753924a07e5919a4b2db23f0d8afe65082eb226aac673d955a2bc40123a4bff2e1fd7f56d63ec5b01a3bb3282470e72616694511aa503841cc050 |
C:\Users\Admin\AppData\Local\Temp\Cab2B84.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar2C18.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83d846c72b17edfddc7c74755801e1bf |
| SHA1 | e3e3eff1c4b81556c008d1a93e602918ad295e6e |
| SHA256 | fe92ce2e721b09d7f3fbd37dba09a5d2e8a1bc9900d0e08d95f56aa7bd781ba4 |
| SHA512 | 70d44792549826eefcc288ee69725deedf8b814ce678b8ee00b9e085e78e6c11193ff1d08bf637958f3c0c799d36a15386da884712e127cb0daca1c95d89d55a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 768449ffbdb68d390ef23fb8b0f65c46 |
| SHA1 | b33ab186ed8203dce0dc9b8877516352552e9b1a |
| SHA256 | 33514c56bb1809ab7fe4774b4c452f5b347840377e51ec13ec100048bfaaaa04 |
| SHA512 | 8bc00c8832a5c089530757b77f0b239bfa8bd76d9656dcf5ca528305153c5c17eb5171218c2e3c8a6679aea6890868e27f6224c78c3505383dbbf33d28b5217e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb5fb5a65ea20eeadb2c1c952389a166 |
| SHA1 | d9909c5ecbafa1c1a005aaf44eab7b24499da576 |
| SHA256 | 467f585f2d3ad14080e0d22fbf57d6c902e81c0b13fe7f0dd899ec0fc08d931b |
| SHA512 | 8763c3850234b10194b6d597c49916325d106f09c174b986ddd0ce2546a9dc512ded26ce546d909d298e3cef8a01341e4b577a82ade024b4c5408520cb8d07c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ed62534ebf00db803e8b10ae05fe248 |
| SHA1 | 67a28e7e2016460348f00447f2977c61c445e8c1 |
| SHA256 | 76b16929a57d4677ed2ebc8fac6eddeca0a15bcf000b286d09607ab943e787ac |
| SHA512 | dce1a85062eb821a1ecbbf236df87765427dde837c0c8745dde00edab67611816f579d2e2c44f5c62ec29e6c396f1e2cad1a7803ba6adc118b87264382e31c28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17c91c4152d0ee880dd4fbf0b02f6f3b |
| SHA1 | f90f06334644894cffd785ed4d4b31e282df5799 |
| SHA256 | 76ccede7d4771a3cf6bd75c7d64d1a263c71a30bd038fbf00782475175a4f454 |
| SHA512 | 35de6b27996395b00d7df21a915ff174feb0e14ae4ba3007f0197786b13ef23b16c22a317bd0c816973a6abff825f0e2cf05eac97d0e1630e45f1569b540ad2c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6dc79bfb32103712ae2edeb9c9907a28 |
| SHA1 | 61f28269c3f18ef8fa3fc6d6108c8aecf54aae8a |
| SHA256 | de2eeaf3a820720054424fb55ea41f264fcca113fcb38968b52d196be96550b6 |
| SHA512 | 691d2d00f64df9e93c70dcc46b44afabbf5c590fd27b9e708a8e6483580e15da0dde728b0f7c518d1a80e2e53fbe3e0853bb3351ef4cc340018b3efcd599b5e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89ecb6232704d03852c5ad6a48f6c1e5 |
| SHA1 | f146f8f6e47f03683aa63c90f0df7038515bda33 |
| SHA256 | 3a6e852510adbe3a20dcead5c1108e21534fa7deb9cf90ad771f89e82d08bff2 |
| SHA512 | 185da74fd53ffaed04a49a2962cfad5183bc3b77582f46f2241edd216660c2164a8e0c818d6e8808d17bb0da746ada29e18170467cb4acb6c6ef076ff1dd4923 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 197a45f6812e99040bb2ac579a2d4999 |
| SHA1 | 0e9a9e71910811eb7a7272c5360dcb4a8b3d08d4 |
| SHA256 | 89a7f459fe596c105dd5c711b712ba9a83d80f8c00a1405400799d0cd8c10e86 |
| SHA512 | 05722ac1f968fd2ab2389e4b58693d5af6a3f9d54f67eef770552f0490b97150e978a125321fb7c320123ce24b7e618b8e45fd7af459583ff8aab3d39447d6fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39b1a7c396c7da99e92f3a4d55dae278 |
| SHA1 | 38a2384efee9436588e84d430b4561f0ec13329b |
| SHA256 | 3db4e104009dd9a78e2384e095973debbbe1d71ddde35a99049234c4f5619493 |
| SHA512 | 7b9de1d638dda57f48dbbacff6187e73a7d4d027d82a9ec9ced1feb137b483745777bac839f2b722bb216ee43b508168d2a48267957f8f7494d9c18c99b38d87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb8010b435b06f0e3bf1573ce704874b |
| SHA1 | d1521ac8b94db76462dac246f2e471ffe9d4277c |
| SHA256 | 5c932dafc6cdaaaeb6b5ecd9eb5b56dccdc3b059eb7d923517907ae67b281732 |
| SHA512 | 943b6bd07fe9d6e16f509f1ce6978b4056b173e3c6390f6acd35ac289176f5538e20e6f010b245102e0c861807d698a13b0fc76109dec732beadde396a956c37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba833c1fccd134dc80e8470df9463dab |
| SHA1 | a844e463d585d8649c11d9d754db47662ed7dd40 |
| SHA256 | 03a9fe6e79d3826e0700eeb619719605ba1af1b5397a8945e01ac7d4b58609c5 |
| SHA512 | 9a1a62045bca9a722276d2c122bde3213a28086708d4c7227ec82511518ba12aad113292bcdd816533565d5f9df81ccbf526977183183d540077659301d205c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 193e0c890f9a7d987529afbe79a90d82 |
| SHA1 | 3142449aa64802bf47816c4cf73ff67bb2906ba6 |
| SHA256 | 99049c02d018e377dbea41373cd3d4783cc22af9f9006c69eac2312f32e31b7e |
| SHA512 | 45cd11d97257e9a2098b4b08fa22133b21308f32683df19ea6959486a4436649e1a6976dff36bd24238c1cb360f01f5e7e1fd78836aaecb8f36663cb07f6ad4f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 933a20e6b2e896be2915178e72df9157 |
| SHA1 | 830ae917a95b013ff1ce3456ce58415f5986ed46 |
| SHA256 | 630bf15e0b8692a4d645480598dfee7286ca4ffa0a5c35145557a5c3af361b1e |
| SHA512 | 6454fdf5cb32838a114fe8857c9253640c800c232620e7f2b806ff062959e3e98722bf51364986859938a4e5eb221f4dd21cc9f9795efec8b916e25ec746b85d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7dd4864a3d19361aa6f572d5e8d8dfd |
| SHA1 | 45235debb064ff9ddeb0190b3b8dea35300e76da |
| SHA256 | f2c8813bfa5bc7a2066c2817aac7e3f2e334d2205c13297330c64895188e8ef6 |
| SHA512 | 191c8a4d74863c66e89745a01df179b02aae8a4d799c306ba270293066ff8be67027805a1f9215b48e50d99ea024a252d98f0c75c469787a445fa3968c9b642f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08dbe9da729c25d982ac4a529aac52f3 |
| SHA1 | ba6f95fb1b73b190029c1b7949aa08f732272af3 |
| SHA256 | c2b31564e01665b76b4310dbd99929443a2efe481c3222a7819300991f88bdda |
| SHA512 | 8091a1ed1e3fd2278da524fa036c722313010984e4a84dfe7a27c4bf07e8f63eff05eb6cd7451c40236f1caf0aa7112dac7cc1f6ee343c9662caeb2cad238f45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3f6da346b3bf9e13ff25d0508ae9825 |
| SHA1 | 96a459b669efb59471a97872ba18c1a01ad34d34 |
| SHA256 | d76013ebbfb6cce209f2c7d99281750769881cce82f370bb0054983b7a8b1175 |
| SHA512 | ad93e446b75c1534f399569a31ee2b8f6412872a9e2b19846b4ebbc0e0e196e0fa735b80cf4c7211a3c1c5bb335bef260ce0d5911933eb232855cb4a377f045f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4c99da0ec132d0840f9bd9ababd4109 |
| SHA1 | bcbff4df1e8d35c1302b3baeaa98469398207213 |
| SHA256 | 2f2f1e859fb576c61832930c4c4fa353cc70e1675c0d703855ab13e25954380e |
| SHA512 | 1f08b0d8d66750137305c73ba05410572ae50a592bbab5aa90a2bb68facf632e25469d630bb5683e39421b5bb5091da3ba310f705c3df4e95543f21f9323c863 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3fcfba04de6819e15efdc242fa0f77ed |
| SHA1 | fd1a19a3ad670f7d0b2e1057a1de7df0116f4818 |
| SHA256 | 450174ef52c50c7856d3f95fc49bcb665ae15967a4bd36d363743476fec46e38 |
| SHA512 | 7b6df4e336734280445f2bdd4a27e62123e90961e26df68f5b67df5e7c0410b58cb96ea7d470ee7430887bd843cd48c04e346f541f7ba0b320900242915dc878 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1b4eed3a202b049cc56644d4d4b08f9 |
| SHA1 | b359be8cbb68dc0c737f3f7fab65b42ec4b6f318 |
| SHA256 | bed0ce972b1415455289b8ade76fba841068721f568c744992b40004f0e35404 |
| SHA512 | 40014a146c60e3e5655603b185f3578b06498af55b5b7ae7b6aac4adeabc8642e18551b0d46bd7709131108b853c0bed0a8fce57151c32cf1bd06ef680983f2c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:31
Reported
2024-06-13 06:33
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
130s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a436ae4b6b72b4998135f9695e06cae3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f40f46f8,0x7ff8f40f4708,0x7ff8f40f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11220962278841598452,2098381350059728808,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11220962278841598452,2098381350059728808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11220962278841598452,2098381350059728808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11220962278841598452,2098381350059728808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11220962278841598452,2098381350059728808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11220962278841598452,2098381350059728808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11220962278841598452,2098381350059728808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11220962278841598452,2098381350059728808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11220962278841598452,2098381350059728808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11220962278841598452,2098381350059728808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11220962278841598452,2098381350059728808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11220962278841598452,2098381350059728808,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4564 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yvzgazds6d.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.modulepush.com | udp |
| US | 8.8.8.8:53 | www.bnserving.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_3564_DOPCFESXKRQJCQBY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 42e3417cf61881927d2d6067c1d27e0f |
| SHA1 | 3fac79cab2c106cb5fe10712d6db7e771e99c619 |
| SHA256 | bfe705723888ae61fb343ebc6687e041a1a856cf50a04930611c70f685a60ad4 |
| SHA512 | 99c008a75188a8d2b4b5240d6abab63f9e14253c814514515c51ecc600f80d1baed98d90b089eefaa5d814469df2867c17089a1a3c3f010fd03321a65cbb48c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 717eac94767b247854aae09aee43b90e |
| SHA1 | 812b2c7dbc98c51dbcde390f98dc2724c1a7d95d |
| SHA256 | 287f3a7efecb5eb00b5c4f4aa8f887958d773e00677b0d6f107e8dbb16b6041c |
| SHA512 | 80622ce3d451777aed9a4bd8f8c103e9d2d465f0961d37d3a74800d2c43aeea8357e459bfec8f173bad53175ceaeed35f2416e393a675b2c09f6fe4bb0cd8c87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a9dfc457cda2f494a431525fc98cdcb1 |
| SHA1 | c3564344f26761822a012e7380e930bdb11aed86 |
| SHA256 | ed70bf09ea51a98e34f5caf91bbcc36013c5ea6e53f0b483ec3d39ff5748f83e |
| SHA512 | 38f45b36287e078ba926939623848d29b0404310a73a972f1305cd856e0dd64c0cd66ac30aee63c2977d2dae76128c7764ec4c06920c47e67def5a63fe5bc76f |