Analysis Overview
SHA256
64bfc0c59bbe3d7da0d4bf9823910c17cc8970b6585d03254e85279194840446
Threat Level: No (potentially) malicious behavior was detected
The file a48fd5e32084d1984e9bf78cdac5fabd_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:10
Reported
2024-06-13 08:12
Platform
win7-20240611-en
Max time kernel
143s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424428077" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not preserved in report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{59E3EBB1-295C-11EF-BEBB-767D26DA5D32} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0bb1e2f69bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000ee5a5482faf7a9cde6fdea6298b23ebb0020bbe830b1bca281eec77a7dc2a4fa000000000e8000000002000020000000115b3ef1e9bb4f5aa5193cbb1856a31f1c55e99eacdc85638a2ca77eca29e08e200000000e96c29433ef319d5f2076b3a2948487ebb73627e246fc104e0e23ee3947ce8240000000d13ad974dd13d630611d9712a9fb4e71393684d6237269127ab9e2cc70aeff5607b362dab1953685b1f426aca7f572076c67a83e79f95c83fa430dd97e654c73 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3056 wrote to memory of 2972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3056 wrote to memory of 2972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3056 wrote to memory of 2972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3056 wrote to memory of 2972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48fd5e32084d1984e9bf78cdac5fabd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.bestcamerareviewsite.net | udp |
| US | 8.8.8.8:53 | ecx.images-amazon.com | udp |
| FR | 13.249.14.225:80 | ecx.images-amazon.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| FR | 13.249.14.225:80 | ecx.images-amazon.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | jamtower.com | udp |
| US | 3.140.13.188:80 | jamtower.com | tcp |
| US | 3.140.13.188:80 | jamtower.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd101828f194bb2d4f3b46599324bacc |
| SHA1 | e89f952896ec2387b75366d51ff57dd488fab307 |
| SHA256 | 98bc9caccae75909c370e99e17222392e653270c67afa0f1c18b02a3e86fc885 |
| SHA512 | d85cff201002c532e7e63d95ac1efafb05a216fe4c6d00c36a5126984e84b1b7d6927c06cd8cd018b7c4d1f84be4fb1da2884261acf8f799b6262c30c828c824 |
C:\Users\Admin\AppData\Local\Temp\Cab3297.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63a6e07d6b985476410ea6af565263d1 |
| SHA1 | 1dd7a41b32b36bf8783ab6bb58dcc670bc4de57b |
| SHA256 | 5f030a7f9b49090d54ac6a96e7141fc7df8d3f1abb4488010063d9d3952fe1c9 |
| SHA512 | e73a780f00bafd9327fa2a381cc072bc0f898d785ca92df39eef986aa1c158c57c1bef9ea3f7f899d7be64171b78d115eaa327f74e76b2e235b9f264b689969c |
C:\Users\Admin\AppData\Local\Temp\Tar3358.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc79a28198814e49a2d274adbd81ae08 |
| SHA1 | a2a1ef250f08852a467d77461a851ad00dc11dd3 |
| SHA256 | a0b192d1928d9d1f6b4007947cb3eeb0180941a5e6d83c3b26f5eb2a77aa6d28 |
| SHA512 | 0812d632b1f21082fc3aa35e12549cd70f1cf2cbc57c4a8963c8a95df25d093e0194afa1138636d5c0b8c90605013632d3b51ea60915dca51967a1034314a51f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08ae63355527c13d9c958cb02fd350f6 |
| SHA1 | 693039b23f2e7c149b68f4906e7df736d65969d5 |
| SHA256 | da30fb2e221f9732a3b2dbfcf8daee0969ab0593eaf37d0d36e12241e8404c71 |
| SHA512 | 324385263d2c0fdffd0b9a18fa23b323343ed2a478426c7f533e7c0a0972c2d7ceccca7d9b6c67e593c82a25c2972f00f788ca0476336584658265c1c259c742 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ccd916a24ded6c66cd5dcd06254dcf9 |
| SHA1 | 9e9cbb9319cd9bb8d595db5bc52cd28c577f6bb8 |
| SHA256 | c9406b93d1c43b4e59577bf0270e344943f5b7237b09752587c3a0930322c3ea |
| SHA512 | 70b1a250f623337e7afa1d250d78e69948b001d94bc0df3ff7713017824adf0493eda81c054e78bcfd2c3efeb5ec123a5e552771d309d5f25c855ff07fe09775 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33b51fa402e4b6c9104d20f67ec31f04 |
| SHA1 | 2af3dc18bac94cd9df914781107a701b1867e7c6 |
| SHA256 | a1888344eeedf26e8fa2e81d77539c6165d413fbd511a6b7fd9048fed7c6aaf1 |
| SHA512 | e5e34b56c383e1121c829b6bb25398d661e9fa9a42fef64c6bd07bba7f17ff48f779fd251b387907aa2b38ca7e68c16ba048734373f35d846c3de856f0bbd9cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12ee54cf2a90fb95c1804d6adf9998b5 |
| SHA1 | 336e90bdf6817c228d53eef07b00a4732f382ab8 |
| SHA256 | 76be1c6e78f7a2d076b558479688e8ed9214f53caee65e869d9a03601962ce46 |
| SHA512 | 5f1fb71548a4df228917bcd612bc0b29e3523eb4e9dd96ca449f5b75f019d46b9b30b6a9c4a6d8a7959fef43d9b0644a340c34c904c0a49bf01a2de386a85211 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d38bc427f3a282a584971b564808b46e |
| SHA1 | ca392113d82f79308e6ab62a24cb8821b4e070ed |
| SHA256 | b718f56ced06389d33c78dd48e43d45bb40ce1d31a3f78b9825ca1cfc18b45a0 |
| SHA512 | ea71cedeae7b6d10dff33e60c1b49489f2a6fb75b57cadc65c077d4927ae46538ad066cf0acd81faa034a3ef9fd85c673f23c4f2cf2487316c45f7d1fe0a839b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 537e2a1d286f703c4491f405b0badd94 |
| SHA1 | 95d81b53f94f9151ca2e0286e406303015eb495a |
| SHA256 | 0b4d0e432ea18cf8ace31b0308bc58851bc82c41c9fd55c9cfa18cfc254be833 |
| SHA512 | 2d187603d3aa3e8bc61e2ccbc91095c074ca7ebd1750010802f0fb67e7a02e240d02661e7d8f054643f6f89624680c25c76dad5cbd51a06983faa29a61edb0c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e8609b3ec6aae1be4c4ec3b81c33f45 |
| SHA1 | 4403c6039f6ecf1d64c8ca8d9f9c0e881b3d46f5 |
| SHA256 | c9fdcdbcac12d2f6d7d7463eaa3c07811042df475fc77eca822d754e115fe29a |
| SHA512 | 2640ad000bac89adbf5b184f7b9b30170a006ea26e45f669ac56569cb0f8e62de431e7a8b87486330cd1e8ecd8015813a19c4f263eaa59644bbed9125ba63e86 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fd711a87edeeca11c9e7e26b6c4413b |
| SHA1 | 3d66da8bb8f65f43cb117755d7926627fb52310b |
| SHA256 | 99b6212465253389ab790326c71599d3c2963600be26167b12ec8ab72eb759a1 |
| SHA512 | b5e37463b81dc6f9fc25960e66de043e8cacef6475a2f7c20471e4be195fdfe845ae1c8895fd82ae2a284fb9dd304751d34c3547db66b583f58553078a26ab24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29be60a9562823ebaa535243b5c0609d |
| SHA1 | 28d6ee3b4b56871e539684bf37f2f28814da51fe |
| SHA256 | 3c5389a3d82d9dacb5d61ae03a1d75772fbc862611a50fb6da65af1384fdc28a |
| SHA512 | 959394eec802c84ad49caddd1c79163c21448b44639c7cca57f279b801f432faf27a85303b5d5a903e56307ef07977e99a6b6477eb39724bd016914c38bc08a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 734d71f4cc658c9a9362e5af5e8d43cd |
| SHA1 | 343b58410567d34c0a0f350d91ffd4f37bf37074 |
| SHA256 | edcc070e4c684e139bdb8547c13c3971193f1eebbd977850ae76d3e9ca73c014 |
| SHA512 | ee5b99276506e31731cea91ffa46e9754a8bd1bdf33ce47d31c11c303b17b023fe32cde70767105ac90705bf73e8e7dc198f93e0dfee7a0920aa729e5c2523d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3fc14da508fccb87caac4f6d8dde4554 |
| SHA1 | 51d239d9e95b6879c97b957afff430a96c6819ad |
| SHA256 | ccce5c2f864fc24308fd75b5aef10c62b7c2a3b9cf5cc5684d0c272a81c6ae23 |
| SHA512 | b4711c3c8acebee2eb96578e9eb7ac9d69ed20e0b4d650df67c98166989e42abd28dd35cf0f4bb55abf490d870db40bc55f810daf8b1b42d967f281512b35fc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b299a17b66d81887ab7b61ff77b7752 |
| SHA1 | 32d36eac0273a38c8f8ba84034cdd300b915b432 |
| SHA256 | a20b1b714e5ef6642ff11d5d45964f916091b516b2fe193abf916e41315ef24c |
| SHA512 | 9549ffe48725094b1f33ce6bac1974b74c2f17a82db4e2bf270dae0871a5aa8bd47f3caaf768d048332f06c46254c5f2fcb8499d4b75cf817d532fa38e119f72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a321ee625130c4d09d83220321d94a36 |
| SHA1 | 0a37a889dd7a15807f75d1c220f496f6bac2bc7e |
| SHA256 | 95e76f55bf385b6ee38ee5597f39e28455cca7a6cad2123916bcde24f22a3e8b |
| SHA512 | 7bbebeeeb5f763416162293c2ecf171e02eca812ec13fea8e23a0adfc659a53abfd4f2e048246cbddb8038d03408342c50b190c53e2946ec8a0d199c146f1712 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92fc47e422c6890eb57da639ca75bb68 |
| SHA1 | 85c4d0ac6790204f65d91c541a8d3702f43690e1 |
| SHA256 | 1b4d1706a2d761bd6fc0b009bf94a447361592c5d4dedb2deca1aac5b5d6b1df |
| SHA512 | 840b2ada85900eecc10e7f38d5916698d9ee99582a51bb7425e0ca61bd1e3f75edba50c952a0ef8f95c40230ced988283d3abd3a10e6a3cbdf5cb16f21cc1d16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6108b9327ef068d7fd392454687cfcc |
| SHA1 | e036c6623d83b946db1f3faba8f26a8c64b78961 |
| SHA256 | acd5f6b1c368ae0f474c894df583c603204e76d8f24607a63ba8b968af898f48 |
| SHA512 | 347eaa3f235ea07899f9ab1474ad587b85d78de7377432d3c1e4519e866131c7c7266f5cacecc845dcf504dbfd373aac91afc6e428f6db5b42262d04c2e168d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33a93c0a87023003640b91c5b5fbb3e4 |
| SHA1 | 4e9006055e1a727f988a7d62de769d057eeb30e7 |
| SHA256 | 04745a300376693c6a5c634d6862bc5e26f7468b7642d5732eab78cc6715898f |
| SHA512 | a6af1ec5085b686dfaefce6071c4969d6b99bbc70f69656ee354f92516bdc78f96c95a6f5f66e6ba8be2a2919c080b32cca2248a71048ab33e239b9bf4d5525b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b254189d9828d7eb33adb6fa4c96210 |
| SHA1 | 742a4bf813a23b006c52727b499e446534f29357 |
| SHA256 | 6c546067dfce319e1474a3e2ca5e0567761ad9444e947d8725ab215f4b010d8e |
| SHA512 | 908105ad909408a836df9433db5317045744cd35d6bd0c506375a7337150ce04b4507a3ae5272c6b4a831e50f9f26d8d80887721ac1b4a0b7270b4f143b117da |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:10
Reported
2024-06-13 08:12
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48fd5e32084d1984e9bf78cdac5fabd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94c146f8,0x7ffa94c14708,0x7ffa94c14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14744161585423679215,7200766932560206528,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14744161585423679215,7200766932560206528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14744161585423679215,7200766932560206528,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14744161585423679215,7200766932560206528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14744161585423679215,7200766932560206528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14744161585423679215,7200766932560206528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14744161585423679215,7200766932560206528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14744161585423679215,7200766932560206528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14744161585423679215,7200766932560206528,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14744161585423679215,7200766932560206528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14744161585423679215,7200766932560206528,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14744161585423679215,7200766932560206528,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2748 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.bestcamerareviewsite.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.bestcamerareviewsite.net | udp |
| US | 8.8.8.8:53 | jamtower.com | udp |
| US | 8.8.8.8:53 | ecx.images-amazon.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_1804_PFDMOGYVEFTXHYEO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c1095e9bf458f3b2057a6b43c5e4e614 |
| SHA1 | c302d2de4d7fb7dba1db695af4b0fbcce8eba8fb |
| SHA256 | 154026ac590b15f7ce94eb83db228731e71bea52ede7c3d67d901ebe80e7210a |
| SHA512 | 0e96c030c084a5fd89787100d86f04ed504dead2ef989a7bb69bf908ea5adaf3c993dcbad00f54db3b0eec6a7b5a72d4f978dfbff7c7c32113f732a2121cbbf3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6667159d73d8de698aca9953cd7bc7a1 |
| SHA1 | 3bf6bd305226a0fe6c2ae052f40dd622b58e273a |
| SHA256 | 3c998fecdf8aaff0ae8fbe1978a7dbc8ad7d7ea9761d5679e0fbe3709e1840c9 |
| SHA512 | 06f30a5b263c27945e2925673182f6f19e5b5338884107400e5dc289ea6198d3c00b47df0ba350bea12261e6ceb42532b33aa009551527129cda4da348869409 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4e869e7a55beb8a4b22eb1f9bc2b54f9 |
| SHA1 | 634f6ee07f525058100c7503cd5e3e47413d734d |
| SHA256 | 5a495397891001dbc8f00a4e1fb40b1e225df33c1a7438552d2fe2eb04a7ab70 |
| SHA512 | a5a1c9bfd073543dda2f8d5ed67b6ba60db12a991a8f5271bc5723bffe630181ee4ff992fd1fe25b98714f0b2b59a235ebceb35363ebc1a72f20e6de89969051 |