Analysis Overview
SHA256
ee1b15703d978cac697b63e9acf8c1ecd4fadb27d8f0d17f65487d0ff9ebbb13
Threat Level: No (potentially) malicious behavior was detected
Verdict for a47dc4436e54c497c46dcf3cc1572cae_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:47
Reported
2024-06-13 07:50
Platform
win7-20240611-en
Max time kernel
118s
Max time network
134s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0f70f1666bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000045a2b1cfc9e5712f2a0039154dddd73c2680b4e2a239263d980dd43aab0e92bc000000000e8000000002000020000000e1e4e4d505133b2ada171281db02b26e8094d499093ad732c28e13272a72ed66200000002687231ce0f9410772aa7315653d4c901025f40fd8e473b1a7b8323d16a056d2400000006582b028b0c1dace1064c180ea98000af7f32ed24c3a77f96a4e4cc0bc886ef179ec4917fde9a1ce6fdcf1c64afc0ee8f70c2302efb2afb18a97698e525a9b99 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3D102881-2959-11EF-B47E-DA79F2D4D836} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426742" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2420 wrote to memory of 2872 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2420 wrote to memory of 2872 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2420 wrote to memory of 2872 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2420 wrote to memory of 2872 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47dc4436e54c497c46dcf3cc1572cae_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:47
Reported
2024-06-13 07:50
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47dc4436e54c497c46dcf3cc1572cae_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc4c46f8,0x7ff9cc4c4708,0x7ff9cc4c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14076062916819166752,13233731463961745639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14076062916819166752,13233731463961745639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14076062916819166752,13233731463961745639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14076062916819166752,13233731463961745639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14076062916819166752,13233731463961745639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14076062916819166752,13233731463961745639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14076062916819166752,13233731463961745639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14076062916819166752,13233731463961745639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14076062916819166752,13233731463961745639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14076062916819166752,13233731463961745639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14076062916819166752,13233731463961745639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14076062916819166752,13233731463961745639,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5052 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files