Analysis Overview
SHA256
d0783ba9345163ebf33370ee93aa95a4b778dba5e735e8a2d965483d2103bf7b
Threat Level: No (potentially) malicious behavior was detected
The file a48fb1845b14bae1369f36a1e4f2a029_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:10
Reported
2024-06-13 08:12
Platform
win7-20240221-en
Max time kernel
141s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009a22691d2bb6024e8a73dbf935cdbc0700000000020000000000106600000001000020000000bebc2c4a79919b5b27e84f51840e49a8eecabc9718ab29bb9a3fb06b7b542ca0000000000e8000000002000020000000649af9b98c1d1e6370c2aa65719e704a9cf146f6a3f2a0fad4104527a753e38390000000ad8c95f966171d07cbbe16fe0e264d9003a843eb9252aaa669c2fd5a97b3ad1304fa13a7a827de7d25e54d58d2148fa7b4af47de3e476680b233d71cd550b820bb2c862e39583d8aabb44cb1128cf910bb654cd4d2ebbe108339bdf3855605ec98011071d2a0f87d57a7d1e20addd1a4a72998d6bdc1ff5a079f45dcdd4f73cd929a47802aeeaf5c68ec079e6210878640000000b0cce1a6150c17fc1af38e4b28eb044c4d914da0ab4bd8c564e776e94dd451118e269e8f7c932a1d17fc5412c118219117cdf923886ebd68048c933d6710d609 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{55AE19D1-295C-11EF-9387-E25BC60B6402} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 406f172c69bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009a22691d2bb6024e8a73dbf935cdbc0700000000020000000000106600000001000020000000ac3a42d4ab7fcbda11c9b7128615a7719d4fd176452c841bf106e8e3443129f8000000000e800000000200002000000044acd5159cbe1b4df5be2f57c9c9775eac95ab600482c83aeb9b0d95686bd7b920000000ebfbf31ff57afe10153d2c69bd7afb243f374da8fe4347cb8006f7bf22b5d4d140000000df52cf5db843010fd5ee0c6ac0ab3a16b221f07d733e9caa8d4c6ae3f94bb7505ec1b34bef752112c2508dc90630460dadcea86e683c174a9c30543738348536 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424428070" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1936 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48fb1845b14bae1369f36a1e4f2a029_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | blogergadgets.googlecode.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.google.co.id | udp |
| US | 8.8.8.8:53 | icons.iconarchive.com | udp |
| US | 8.8.8.8:53 | agenprediksibola.net | udp |
| GB | 142.250.187.195:80 | www.google.co.id | tcp |
| GB | 142.250.187.195:80 | www.google.co.id | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 216.58.201.106:80 | ajax.googleapis.com | tcp |
| GB | 216.58.201.106:80 | ajax.googleapis.com | tcp |
| NL | 142.250.102.82:80 | blogergadgets.googlecode.com | tcp |
| NL | 142.250.102.82:80 | blogergadgets.googlecode.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:80 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 104.21.235.214:80 | icons.iconarchive.com | tcp |
| US | 104.21.235.214:80 | icons.iconarchive.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 104.20.18.71:80 | s10.histats.com | tcp |
| US | 104.20.18.71:80 | s10.histats.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| CA | 54.39.128.162:443 | s4.histats.com | tcp |
| CA | 54.39.128.162:443 | s4.histats.com | tcp |
| US | 8.8.8.8:53 | lh3.ggpht.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 142.250.180.1:80 | lh3.ggpht.com | tcp |
| GB | 142.250.180.1:80 | lh3.ggpht.com | tcp |
| US | 104.20.18.71:443 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| CA | 54.39.128.162:443 | s4.histats.com | tcp |
| CA | 54.39.128.162:443 | s4.histats.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | f69cc4d5ce4dfdbc1cb717845e20a8ef |
| SHA1 | 51baa16e058c96e1874eb2016b72dcb450e8128f |
| SHA256 | 328c5ccaf3ed30e711adf7268e41965f533b16b79ec07667df11f238bcfaf056 |
| SHA512 | 737e8f84497cc7f1685d01c5689661a3dc230869f653ac742376537f2e8ac493c9752f9424b168dbd3fa261db2e3b8f0194db13b904a636fd89ebbc905aa6adf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 93ab8235a3777c61d3d7f88b1d4c9a97 |
| SHA1 | a263c7e919cf031d8b8c49cae573057d36e6a26f |
| SHA256 | 177b2013429a7f636cf91e97f6fc7d2b02c7fdf52760cfbdca2fea0cc635e8ca |
| SHA512 | 5e9d5cc4e5c01c42c0317a1dc2bd6321e30c06a8e790e3f538ba0b2838d21582effb1f4b8bd413d31c5b19333a64f9f2d52b28f12592bd0a541abd0515a08647 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 108b2d3d719449e3b55b8179475c22e0 |
| SHA1 | 19c79e3c8e0166d2f2ccec8c85068ae981445136 |
| SHA256 | ae8fb4857b6ca66fdaeb37bc1d1be169f7405bea3873b02224c3536b8d14cc0f |
| SHA512 | 63faacff3d7c82d51efca011dcc71d6422c849e36ac406fcd1e8adf8d23b1f731c4ed3fa5e0b9af02eb0269eaae85a3289e96582ab1351c2e442cf55866ad013 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | 18ee4f202a9042182e14dab7ecf23813 |
| SHA1 | 4c85a6a16c193f30a8d702fa8f85d154f5a33591 |
| SHA256 | 2c4a677407837b886887e9c88ea0c7fa6c5648a36792b9cef224efbf8bcdbe5f |
| SHA512 | 107c824dcab4f0cf1e33c476ce5d1145b924a0f6e444dc4699f682ff3e36cf6ebe4a331dec3ed349eeb5417d4dd5901851c66364077a03c1a28ded228bccc308 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | a4c3e4b3f212ccf9719236eaa8f728be |
| SHA1 | e017a18974a9969ca60ca2499ac54b464d91a2ef |
| SHA256 | 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a |
| SHA512 | c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\platform_gapi.iframes.style.common[1].js
| MD5 | 682c26af19b240f98d2cb951721fa54d |
| SHA1 | 18e58b652c7f82a55ab4b1910693686049e25d62 |
| SHA256 | 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980 |
| SHA512 | 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\cb=gapi[3].js
| MD5 | f9255a0dec7524a9a3e867a9f878a68b |
| SHA1 | 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b |
| SHA256 | d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d |
| SHA512 | d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e |
C:\Users\Admin\AppData\Local\Temp\Cab16AE.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar170F.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cabb3f499a337b1f4bbff8ed9f072a46 |
| SHA1 | 599b9385ea22eecd789925ae019fca6e23a8d8a9 |
| SHA256 | ecc057ada9ab8414ba260160d70b05361deab7e15cd1c70264f51b263069f536 |
| SHA512 | 4ebab0abdedbc796a825b2e29d74c0d7c6a71cd18e7b913c18e45ed41803561792e2f7aec27fd390a4b875f53ec1d4a9d214a18791b86fa29e24b84d8fd8dd9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar17A1.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 070fe8dc2b0f9de2e64ab129f17b6589 |
| SHA1 | fb206553897d83bd92533e9ac534000b4da83fbc |
| SHA256 | 99f51049d68fd5a6e8546d074d6081070484980c99fae7194cd82033d13bbf26 |
| SHA512 | e50c8720f9b5408f200eb4eef12b792d259e68c0a977318c76ba519971fafbfa9d0efec20a9e69137d1cf102b062b4547f15d45ad6f89c916086a3b61edc305c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18f24ec7f811670a4ae71a0f0068f34c |
| SHA1 | ecaf55a8779f72a65edf839089903069521c8fbd |
| SHA256 | 0a03a931c039f9f880135816744a9535b5b902a327169eece360c93b098f29e6 |
| SHA512 | 705dfcb09e58258f96b58247864103cae11d3a1915c05ace6c2dd854e1847287b44a20680c356c97ae4d1d055d61811bcb8c96403738caced41e9393d5e98a89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc03b7194278be229b17448d1991af42 |
| SHA1 | 81350d182cd65c6edbe837afcb50f7a6923fdee9 |
| SHA256 | 39039266ebee88e261ab6f943f608d0869793c83ce0766e00a5e0dca1866b6a0 |
| SHA512 | 977033eed3e948f0d794f25924d57da8ecee4ce2ac52507164c7e846cf900897c3c9131c070fbc5b17aaf503058ef9541a558f81ae66c993cc8aaa293840b3c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eeaa43ef5203722692b63cce635d3f55 |
| SHA1 | 9b5c2eff385fed5b38e7a8423f8a967d82ce014a |
| SHA256 | 58ac2ec23d5c2756e99e99881c4380145699b5559dfce37798b106078dc7fe1c |
| SHA512 | 71e7aea017e511ab07b3ad998552ac339e847d53af538cd352d8b382ac84044aec64db42a7295c0c85c1b30711432e026af784367944262d155a3ef6ef34ca0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23be4a3e62362788c3f1ce4d2b94d3c4 |
| SHA1 | 5ad52c4435478d2f8373a55788183aea5073ad74 |
| SHA256 | 643109e15c15c704e8187a743b09bc3de9ef816cb72de7520b95e02b32bb39e8 |
| SHA512 | a05da318af417edc812b0849f3c5b9a6e643a6e92587cde392eb33f2fbe53b3b6a603336dffbee20e3b4ed47e754e7912c6d7d00d0f661ebd23971cf23928939 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b972472e257bdbacee9565d0f97bf03e |
| SHA1 | c782cd4cb2af4ceb81c0804f6c1331aafd8f105e |
| SHA256 | 47370eed0c7374a5cfc3d4a4551bc0f4819615c68d811d96926e02449ff2a8d3 |
| SHA512 | 4ff66a27f0c28337e6285dd93d5c593c62c5d60214296daf049031442714aedff11156ee373c41a40f11d809d9a60595bfbdece9b90d902d93b081ca7d9dda8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 160ebfbf8a676c4dd7ffd0e8544aa78b |
| SHA1 | 4000ece8837dd1b8299efef04fe9990a04acb395 |
| SHA256 | 867f33bb9c377079ee5b78394e2b9d6bfe312d81b85ff83eabeadf1e89b9e23d |
| SHA512 | 15700a643ee8f6f6689435281790839e8ce87bb77f29bd324c838cae43386f249b7c3a80ccb47121776ff571ceefe44981a7d9f8e7e581338dad5b5ba46eeafa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14a25391129291328f5aaa4e890a26a8 |
| SHA1 | e80812c2d3bef40d7059a6b0a1f4b9bed06dec21 |
| SHA256 | e45b60feab9814597010876f2855b17285531f344dc6492237940b4af8afb3a7 |
| SHA512 | 7b650fa1165e6090dec2630eb4421a097bb41570b410e05c591e3a34aedc679333baf97c1c063f48f664e1010fdbb0ac5df96a08e6ffdf1bccde5ac53828c5f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9a3f581be58b980725055d0cf4fe361 |
| SHA1 | 21942168a8c2ba1d8c60bbf182f5aa24e5e734b1 |
| SHA256 | 28076e1244e50a092ed98ae429563dfa43eaf987c7f245ccbb435b4495d217d6 |
| SHA512 | f9a594746eb924edb25ce85d33f188b45029631621cdf0b1109a37d42ee45ed00c4d9b2123fca3e0d93fae55298761f22ad605a7d2f2b788443b9ba62cbbe10d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86128d83c3353a028c80700981878958 |
| SHA1 | f54e65ad083648726422cf17ef7a3e40a2e0067f |
| SHA256 | 7d53cc933d3f064c3c7fd5bb2292092ad770b709d3b707bebbe4c498c19b6b2c |
| SHA512 | b5df2f6e42c802d1a2a45730edeb8c51f3a53bc89e02e1454767e8f1a587bff64e8815b49eddf8926c101a001af263c2feffd1551f01eb40a49cc7984b806d81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa5040d8e98790b6433c1d930026ef8c |
| SHA1 | ac494cbe4888ee053f3b4545cc0af874e9fa6d93 |
| SHA256 | f98a570d4a6dda81125b01b82e23230ec53ca1375c982d73228b613e43b065ec |
| SHA512 | 0e5ea3ef450961e940074efca7372d3d182063eecfd4418c373726d24ed47c4c131b89cc3f0c4ec5cdb1f52fc4f934e030f848f6ad8ef54794a981ad5733d5c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc1fb684bd15a32cacccc05fc7b1e03f |
| SHA1 | 7cd9a247697f83e21e76edfd6d48f75a51791669 |
| SHA256 | 678b37b07c69e67c268a59ad42ecc20e6d9d135672fdcd430eff0d26af46eb35 |
| SHA512 | 17a3dcfff2efb579f0c5778c441e4de3f6f0b5239c89485c5bad8c2c04e0ee05ac41d237c7edec576b95c4ff1f95ea39f6760fc2a92bf8c805842fe60b9feab5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b48dfa77bbe07aa4dcdae36b26e2e3a |
| SHA1 | 216778df3ce87c711ecf2888f9891d03754eb0d9 |
| SHA256 | 7e96b9e010e20733e2077c09e1c85c2063723202f9015bbe5796f700e4cdc031 |
| SHA512 | 0735b7b8fd0a4016bd84e8f6ac9e35d0f9c425159bc9b748181533f61190f154e42060bc2bae1b1edc58c6bf2429133978673845c1815041cef14275e2e4d799 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6a360b91034d98986645c221fcbf879 |
| SHA1 | bf3eb0056bbcecdac2dbbd787c3518d08be0feff |
| SHA256 | f1854d839c66681136a94ca796122ede7807ad62ec37b16d6d0099b45570d11e |
| SHA512 | 8320a13e0dc1bd2eb453b719afa06a27cdc5cfc53c408a1f154fcdd47b9c0aece98ed5d7d28f3ae77efe7b5e423bb8478e36893a6fd372be8687495ca66480a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0236f886e0b186acfc855da5a0960ef5 |
| SHA1 | 59568c301b9a5d928bea868369a55bdd10d0ffe1 |
| SHA256 | 7b8f2e83fafdd780dfac6440446a217dc3b5ad124f1d2c471b58b9098c896270 |
| SHA512 | 9bda0f455af18290126827529db05e95f94cd6d95cd6c847c9ee1e1d903e92393b608d0f46c501daadcca7530ca65af32ba6417d6fc6fe5afe4857f0b284b569 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c06a907a14c34e6c15cbfec90d5de745 |
| SHA1 | 8897cfceb27db525e8ade630188aceb4eada6b0b |
| SHA256 | 4a2c62f5dc982753df019a3267df3134e54cf9a90b4e77260bf0180e6be0228f |
| SHA512 | 2ac67890cfb27e042e9fc846d10309809cd9110eff8e31775f73c0da895439d9cf4e0b3ae4ef76513716e58af0659cf528b70682360e89d8ccbb321b629276cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b371f29f50492827bc28a11c4bf78c16 |
| SHA1 | c30d6185270ffe3bd22af162a7838ea463e82513 |
| SHA256 | d9c2cf93290862ebd71c74bf4897dc759d69d08e4868df74638b6e3bac7a962c |
| SHA512 | d10ddc1d550ff33af02f048dedf9a24b2a80459e683602db21fe1def834ea9a3f65e7df5234288805fabf0a0e673953a1ed57c7d8795b8f3bc8c4ca433564702 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64f4d03957d1c4e28e14bc150bb2c2ba |
| SHA1 | fc71d81724cf23be5929e6697d348a468005ac0e |
| SHA256 | affc45316356b8c60e75143c817615f9799218e5901cb29f78301bc5d01cb7cc |
| SHA512 | ff55b4a1ac3ed30becadc779d244cb95d3747cd1abfd5f0b48e04c29a15432b6a6866e98c6d508a6f222e338fb205a1ebcd21c1b0103b6a8e5c67356ef15d6fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 01738c00895da344540740402a6b547f |
| SHA1 | 115affe750d166b44803c1e097655c4c0e88fe10 |
| SHA256 | cb57ca3a582c2463ec56aa380c74187838f2483c2da2564dfc2b048238cdb9a1 |
| SHA512 | f53ceb801aac63b66c68f2e06b4ab33b92e816d034d70e85006813b350b73641906084171c6bbf30544396f0e85f2a9d47fb834dfa8d6ebb6f6dde0daecc9d21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 800038079a4557deab294c3edd240641 |
| SHA1 | 37e22f2ccccd27505fc2a6a07115228033e3556b |
| SHA256 | 88cd60a912718089ba160a144521daad9480716d30e588c90f14b61b531222a1 |
| SHA512 | fe63247f460a6345fab80d68ba9772d262e65fc69f2133e2c1419d07552f90e0a7c67cb86c95f036db4dedc0b616153ef97f4d35024ee4210f8ac3434b0ce484 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e138c6989a7bc2c3643b44d35516ba62 |
| SHA1 | 40b31e149c45e63efbc64eb0518f02adaf266247 |
| SHA256 | 147a7c01b4fe35e0ef62211bb7ac848c324644d893911981f6f0c1fc609dcb5d |
| SHA512 | e8e1fb5fa44f29643f416d2137aa754a04b8ff023f0bcfde3e08a5ba031e36a57c35b14718a0ef80b13ea653dedfbb2468679a584e68abb044dc4a87023266fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba41f380a86da79dfccc7cc6caf12ba2 |
| SHA1 | d4d11e28cdeef46c51f42c58bb7992bb08333724 |
| SHA256 | 4b4fca6c59ea1f600137561803d5aa6401233fb3b1116c0e786cf1c62daa74a9 |
| SHA512 | 83cdbad34e7eb4f2511a47598053dc2cf7c45e1861c8304099f51b758bb616fb0e9d0498276a74885c55825053f50702202e496b2b6f6ef8dca43034caa81c20 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3dd7fc985de61f8d47d9e4bc1fa646e |
| SHA1 | 1d2f3b06ef7769cbdbc9dec07c09a4bb81fac91d |
| SHA256 | 4b9b362fb23f04379959bf1df1f9fab9c82075e919fbf75f1ca348d4b5d825bd |
| SHA512 | 70273fd788055ce0b125ccf9ee529b2790170b312b44cb1657f7e119786af4f211e43bebe6f87648ec17be0b52cf43fc3a4139a3630e576c0659e3eec0af300a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abc3eeca13f24c05f1febb0f9316463b |
| SHA1 | f9905710394e0c59b21cdf66fd8da5ee503dc27b |
| SHA256 | 68f6685771e65537f1ea27f2047371040a2d30b7402f2ffb280e960ddf348d13 |
| SHA512 | 4bd06d939daea47a60c27a4f2f96d00365ecec4af711ea406ec5d9706c94889104726b5a45ceee443ffe04fe76ec37c553895aa14a4bb8dba2cd149fa437597a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 48f891aa6b0eab82db4090ea5d0c26fd |
| SHA1 | de2fb572d4f2f2eaf7d76f57bc0ccfe0644c16d7 |
| SHA256 | b9ab3f516516743ae88657287f72093414271646489dc5ee2d2016110cf56fd4 |
| SHA512 | f74d0b8a4e402ec22356fdf213e0031f1c6dae17d7d29d4a4b33d999d2a2d8c61889a610b66f53adb32b902a9abb7639781efbbdb50af8e9fc99e478ac665cef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:10
Reported
2024-06-13 08:12
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48fb1845b14bae1369f36a1e4f2a029_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe40aa46f8,0x7ffe40aa4708,0x7ffe40aa4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16421050443315990869,17296342621073765108,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16421050443315990869,17296342621073765108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16421050443315990869,17296342621073765108,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16421050443315990869,17296342621073765108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16421050443315990869,17296342621073765108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16421050443315990869,17296342621073765108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16421050443315990869,17296342621073765108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16421050443315990869,17296342621073765108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16421050443315990869,17296342621073765108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16421050443315990869,17296342621073765108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16421050443315990869,17296342621073765108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16421050443315990869,17296342621073765108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16421050443315990869,17296342621073765108,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5208 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | blogergadgets.googlecode.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.google.co.id | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | icons.iconarchive.com | udp |
| US | 8.8.8.8:53 | agenprediksibola.net | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1328_BZHDYRLNRRVDOHUD
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT