Analysis Overview
SHA256
744a8f6cd1c41d8df77a074dd4688a78d2bbe8c190fcbb71cfe69d892f8bcde6
Threat Level: No (potentially) malicious behavior was detected
The file a48aca02617101068b541d0bda6bdc16_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:03
Reported
2024-06-13 08:06
Platform
win7-20240221-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6EFEE501-295B-11EF-B991-7EEA931DE775} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424427682" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000099be215841e83945b91604591925570f000000000200000000001066000000010000200000006dfd24e2e7a17060c6ae936d0fd4696b80724a0006e0d4caa5056301cf37eca2000000000e8000000002000020000000179d9f519a76d1d4b950203348ae15638c8b9d73ea784b52214ffd8f1c9198e420000000a69165b37598c38c94a95355d56e3681606a54c96fbcc4e7523999233062c357400000001741f456827810a680e64848b68797c857488de19abb229bd51cf0c7e106078c7835ba9b1d26f54722b62a628a3723651cdc31817b63ae5527878567d46f76c2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d0934368bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2452 wrote to memory of 2956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2452 wrote to memory of 2956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2452 wrote to memory of 2956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2452 wrote to memory of 2956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48aca02617101068b541d0bda6bdc16_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2452 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab254D.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2640.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd8d9648d95111c0f8cc9ba9e370fd87 |
| SHA1 | 4614bfdbe7512adadebda941dba460a20c31433e |
| SHA256 | bb1f00dce529ce848aacbc1b9dc9929fac8d921bee897d7f2cf5b6cb15d73c03 |
| SHA512 | 7b8e5bb02f00933cb06dda0044f9f49748a595ae797e34b090e8c6784acfe5dd6589f863d3bacca4a9a4e03e43cacab7289890b02b93cb35cc088afd134889ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43d03eb01c29d5fd08ad105bcf4097e4 |
| SHA1 | 348b9fca42d00ec31e34e2960c7088578a90d9fe |
| SHA256 | d140b89cd9e413d2931ccbac94e5db672cca5f324ef48803c1aacc35f4416988 |
| SHA512 | 9e37d556bd1ccf58b4b242b67cfc059aa6f4c34f6ec8d341ca611667a3691ace49402ab8d918d1ac0b5da1ce63466c0d846b5fbf470307ebae1f11c97edcfd4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19d4a988c7a8533a7bfae55baca57824 |
| SHA1 | 964734ab1639d78466b4406924ee009e2348281f |
| SHA256 | b46378ccba3224c0c962e9159d6ac32ac6f885ed7fa9138f1ca120fec70745f3 |
| SHA512 | b0746ace6c752e3503a8c36918415ccf7c645d6588a39ae1bd5da0df37e6c0a5c2ea6116937f0337d3e4446e59872c44699d66e834552432bb6153d52db5c22c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ece257f7ea0c0258c9504ffa164727e5 |
| SHA1 | 986ef3ea7503874065f28e3539409471a989a7ab |
| SHA256 | b72ef8df9ecc222c8cb9669072a0317a21fa18078ce98b0086ac1a6398a6287e |
| SHA512 | 8861f7204a41585d70cd9b4874855bf773084ff3f75df6e166f81a79de477ccedd9da310324a044781ec5e80614d0536bc958a99dbdfd5fe33be591309066185 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 076779afeeccff719e6f96b6fe689d21 |
| SHA1 | a878b4a912706127e532c7f8b9de38f5549a208c |
| SHA256 | 3e011129cb991275a5408561d354164996d7bd6c810c10de25a4de43c21a1cc5 |
| SHA512 | 487ee0de33e4c894bc1abe743eefc4162b6fd2426d4c2912f978f66eb31079ac12c6c9772a2059c5c92f68699ed3e4b5c7e33b0fb0eea7829abe1f9ce76746c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d231b809321185e49924f6a175c09c26 |
| SHA1 | 79807054d873b7f42a3920f04bce89b6d197eccd |
| SHA256 | 0ee3499cddae703051395fd869fb3f6709f565ca2adff204ba5cb1bba99ac776 |
| SHA512 | 3b728764f42baea36d4d87970318361b21d866a27f1d9c067f5e1163b38f6632daee51a03d6f68d34626d1eb8666c3b412ce19d5df47c40948f70af59ce35581 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 199785443fa7e9e034e44fe67a4f0237 |
| SHA1 | 88b2b9bec05e14cd3d694f0f310a87c12b1b19e3 |
| SHA256 | 4d51085bb05756fd14bc0951bbb65757bf1e89b7c99989f977a41e91ec474fbe |
| SHA512 | 5eaa3362d5fc250b0bc79b20f0eac514d9ec3632aa4b07751bed6af1077afa4ecbdb50c7e0f4836b488e1f5fdd61e900b7d0efdf0781ed62c5c3c327ba71fb98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab909d7fe910a9c1529eb70064cf3eb9 |
| SHA1 | 5b2fa6d20d387a8b5e67a2c0ad16f6fd8914f218 |
| SHA256 | 48e951e08f89050e5a8e593b9d6c9a642750219c4e0726e03f55cd2c822a8092 |
| SHA512 | ab755f7b0c3f65c642adace80c004b3760be6aecfad08abca70b7a32229da0254820c5b80e106aa3aa03c1ef36eae36b959d8674d6d2633a7c87ad0bd8808e12 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6ec88d9db8231b71ce442c3f63b1cde |
| SHA1 | 3bde98dab8299e21d7799f4d6ac8adfe265fa012 |
| SHA256 | 334e15527fb3f7c3251d18e2cf589f8936ecfdeb1dd9192fd1acb884bbee6312 |
| SHA512 | dd4f3b8f328a33d60e3f3c9c1c96b963d1a6c392c19d1686a44dfa3739d0e895d62bce0effd210996cc6679a645e95d4b5c982ea8ecf736af3fc2fa8fa282507 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f20795275ab5b4b3b15d814f7a389e89 |
| SHA1 | 2bc546fe6d87402137af3a831fe6a8ccdd0bee3d |
| SHA256 | 9ecb3969dabe018f68abd5504b4ee227f040e6a0539a8781cd8b59fac827bb16 |
| SHA512 | b4ef81bc48cf969286223950051541b8ceaf9f1b8d4406c97e1b692e19f324bf5ac1edc6e1a91bc674fb659e54180ef9c3f07ae4d711cbc6849e58b3a85a80b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c79d1e255e7c2fad5d48408b2bb6062 |
| SHA1 | 96df3e3c890b21f71e9a40d5efc7697ca2fd64ca |
| SHA256 | e0243b0281d33b940ae216452fc36da2c5af55721df838b98ae2a3c7a2c0af2c |
| SHA512 | a19ebdd66d877a7c6fc253b56e9f4d2c76407e7c70cadadf642b51a6a6f2b565c8852d5a1540ca5da2c60db255eafb59451f7739b1f73285f7ae2a684ce7e8e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f95a1018b127b1998ab4f576373733e |
| SHA1 | f836f99b661357c7a2b447ca55f62323dc27c5bc |
| SHA256 | 493383d071e3867f56c7883b034cf7c998087d32516436dd42ce91abc0c44f3f |
| SHA512 | 3ec557e74b72ad9c930f11dd7369d9342875144273ac9143544adf091cc28896c8466bc9f5da227a5cff75a1f02bc2d730cca4b576fd0b359b2dc9a02d949540 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1099d9a0c4dfc9d332840bf551b7f65a |
| SHA1 | ee69986c6211c27b20456ec34010397b1700e353 |
| SHA256 | 203dd94397805e0041616a7adbcf12203136bae5270169b62e21aa689cb86575 |
| SHA512 | c49c326d41ee0e63f7685be1a0d533a6894b27cc28d208b5516c8e0d8307ec5363b3dc4c3133c946b89a022edd932227f22f17b4f8ddc4c62571d3fddb61135f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba3ac3fe4a0e12aca21adb3c3ab31720 |
| SHA1 | 062dc718405a99b16b3a1dd456ca9d9bddd44701 |
| SHA256 | 37d78dc9271023a1caabf18b9a55ca6a3f6938fcc1128498690aa30a65c02491 |
| SHA512 | 50bf1ccbb0fbf3f8b574b8cb8993b12318cf2df35e3030cdd5c7c15f8db897cc4303a13ded06d5177926ff9049d53a8d9b4bffd327c07b2bed3c22d685223d97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64022cf47ae058a81c8dd3c49b6b588d |
| SHA1 | 679cccad4e0e724a1bb790a80af06ae1fdaccf96 |
| SHA256 | 65975916d89132de42901bcc5b953b9421dfb584136e43cca228f0572fb283fe |
| SHA512 | 16f6b54043cdafce9c779da7ccef4603ae34f40667753f9e2f3e54bc6a3634f8480615e4b2804bda49b8fcb4364e3a481100e91c009b0273d02a52e3af796482 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af0f7d124c691ec32f1379e3bb1fcfe8 |
| SHA1 | 69122491779977c15b8a0d76ada429fab7034b54 |
| SHA256 | 84629400797dfed5aa4826ac7c359eb31a78af961ba5d2a7e2aabc2ffbfd7f95 |
| SHA512 | e7a5bfcd37082cec65ef9ebc89d431b2f831e3cecb2ba6b1b21d5ca995b41295f6efa09d6dfae2d4246cee0189027db9a7481fbed49f738b64ce570daf325f79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b34546b9d3f2bd584a04df4a0cd595fb |
| SHA1 | 18ae5eb0f5d87adfd6530fd01b2e9c5db4c846ba |
| SHA256 | f46f9ddeab108d6916a74fa0e032ac0361efc309ec870a70cf731b88ba28e341 |
| SHA512 | 6478b0aac147fc69f35c13ab35110ea10c2aad5127ae81733746bba9ef8baf4be3648be17e662a18f9cd6da9b9aaac0be21114979a2b43d7d9aa095cdb841fba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0999da32420b6196b8368560794c612 |
| SHA1 | 56e7ce02f3d858f431dc9ff56cd6cec2f78ec989 |
| SHA256 | 4b29d7db213ec916d80abc8cbc2539a267d6b6f7ba1d6efdd2f4a1bd59a2c32c |
| SHA512 | f342c271398727706c038da0dc6c06d8ba073e016e8909831512d2d1339de355e246d26602b682df99ccf9447128ca13632436296bf8c61f41d1b3876ef8ff56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ed12d20c4253c386aa84738cdd11e5d |
| SHA1 | cb9112cf17ede0b9164eff3287c24f84be60f462 |
| SHA256 | 41b27ca0398c39fd25452ff5af779caeb0149affc22923a4c1e36c6cca307173 |
| SHA512 | a176ee0d8e425c9777f506c0a4b79a03ce989193bc43c04aadb4ee8e10ee38547fc1c2957e15d3cc636ec7595d850c9dd76257ca309a278eab1cfe39bb90265f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 063c756f117cf3e9114939b4344eeea1 |
| SHA1 | 865bc29b8574fe77e63c0fb1c60b23d3f792b7d3 |
| SHA256 | 9e02c13d13756ff538f86e78d2f663c556bfca0666515ba1a22a837150c937c1 |
| SHA512 | b6d70d6a90ba74ba89c762b150de6e29bc4821e39ba0045bbac8b527d4674fea6d2dd0191211b77647eb2d99b077affc39e0dff1d0099b6775e242ee0e53f02d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb89d26a5e4ce14459a6d18b5b189b55 |
| SHA1 | c6e6a09c8888c9d39819ca962971f634f5785ae8 |
| SHA256 | 2dc506d9317f38920806d5557a29cb397f2ad6838d1e1608859faae50479f5c3 |
| SHA512 | da1189c1bd8a5270e6d9c45170ac59fa50e21fc120df6f75ded3a1b0fc4aa00799d229e199c2b2a6b34bfd8eddb7ce80ad957fad78442b856e0567bad9b02834 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:03
Reported
2024-06-13 08:06
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48aca02617101068b541d0bda6bdc16_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa05d646f8,0x7ffa05d64708,0x7ffa05d64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10043443604973950958,15108944352044450093,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10043443604973950958,15108944352044450093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10043443604973950958,15108944352044450093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10043443604973950958,15108944352044450093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10043443604973950958,15108944352044450093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10043443604973950958,15108944352044450093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10043443604973950958,15108944352044450093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10043443604973950958,15108944352044450093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10043443604973950958,15108944352044450093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10043443604973950958,15108944352044450093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10043443604973950958,15108944352044450093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10043443604973950958,15108944352044450093,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_4812_GPPEXEQRWODLWRWT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8b873f6f93df17ac0fbe2adf1928f5ed |
| SHA1 | edc08f5037978b681acc59689b115e5cba252248 |
| SHA256 | 4ea25dd9df853e0b5860cce1d50bdb580101316c3fe5cdb11e06d7c57b8723b2 |
| SHA512 | df495cb680193d3c88bae7b4ebd1dabbc4fcf4e3fcc796a8c21d4fbd2b037676658aa3b9c0746f0340d5e0754aa8f6be604b446ad0e831ff790107537299601a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 64ba98cb8cd48ecbf45287cb80eabfe7 |
| SHA1 | 395546a609afa959f0c1a0955f4ffc670ee59462 |
| SHA256 | 2b5c496f267808fc97b9d135f41838fa0d5d8f46f8a10bfd0bddde114df5c01d |
| SHA512 | 062a68953ebaf380d0618df7cf812d0462a01c0c0c03c48945aaed2d1f617dbcc1f679c8b625fa231e3dea02e1c19bcad1714603b4d4c1ef942f90cea50265e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 53fcca5a22c2460caf80e21fb9678301 |
| SHA1 | 720992b1adacdd2660a66920690610b848c73ce6 |
| SHA256 | 6bcebf8d828ffd3f2c15876d079879f0c9efd5d52d0ee9a392eafbbfc813fd16 |
| SHA512 | fb844f170cb4f90176dd691b93b5e53db5da6f9032ee47820f57e2462635aa7aa6bd388073734a1dd85e3f48fb8daa798dfeda3174eee6f2bd28aca5c390d914 |