Analysis Overview
SHA256
bf31cb93893a2b223f954ca91145e1153fab52b3531d367770df7b3aca3dbb7b
Threat Level: No (potentially) malicious behavior was detected
The file a4773218eef4e675a31a1389f5b4cace_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:39
Reported
2024-06-13 07:41
Platform
win7-20240611-en
Max time kernel
139s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0E2FB091-2958-11EF-964E-D2952450F783} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426232" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2088 wrote to memory of 1076 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4773218eef4e675a31a1389f5b4cace_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cpro.baidustatic.com | udp |
| US | 8.8.8.8:53 | shangbawe.qiniudn.com | udp |
| US | 8.8.8.8:53 | gravatar.duoshuo.com | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 8.8.8.8:53 | 38we.com | udp |
| US | 163.181.154.231:80 | js.users.51.la | tcp |
| CN | 60.188.118.222:80 | shangbawe.qiniudn.com | tcp |
| US | 38.28.219.157:80 | 38we.com | tcp |
| CN | 220.169.152.35:80 | cpro.baidustatic.com | tcp |
| CN | 60.188.118.221:80 | shangbawe.qiniudn.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | marville.be | udp |
| FR | 213.186.33.18:80 | marville.be | tcp |
| FR | 213.186.33.18:443 | marville.be | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.73:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabE91.tmp
C:\Users\Admin\AppData\Local\Temp\TarF42.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:39
Reported
2024-06-13 07:41
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4773218eef4e675a31a1389f5b4cace_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef99446f8,0x7ffef9944708,0x7ffef9944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,13126778822356440454,6144201143963356796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,13126778822356440454,6144201143963356796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,13126778822356440454,6144201143963356796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13126778822356440454,6144201143963356796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13126778822356440454,6144201143963356796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13126778822356440454,6144201143963356796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13126778822356440454,6144201143963356796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13126778822356440454,6144201143963356796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13126778822356440454,6144201143963356796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13126778822356440454,6144201143963356796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13126778822356440454,6144201143963356796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,13126778822356440454,6144201143963356796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4408 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | shangbawe.qiniudn.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4892_AAHXAEMGXQDNDYEX
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT