Analysis Overview
SHA256
7f13ff5eabb453b85dc33b123636d5744e0563af79d3a2577eb7a4dc47b76556
Threat Level: No (potentially) malicious behavior was detected
The file a48bc4159ff1babaae820451a3bc39ec_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected. The sample is an HTML document; both behavioral runs simply open it in a browser (Internet Explorer on Windows 7, Microsoft Edge on Windows 10), so the signatures listed below are the browsers' own registry, process and network activity while rendering the page. The only external hosts contacted are two third-party hosts referenced by the page (s19.cnzz.com, push.zhanzhang.baidu.com) and Microsoft's ieonline.microsoft.com.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:04
Reported
2024-06-13 08:07
Platform
win7-20240611-en
Max time kernel
135s
Max time network
121s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary data elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9B200381-295B-11EF-B6C6-7E1039193522} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424427757" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b02542ae68bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000186a8ae9e98228ee2366b1c2e563ef185009e9b02264167955a4c71dca57e119000000000e8000000002000020000000d1e9127f5291a4ee666c036ccb1279ed8027f3dd532cf2d6b2e3e634c9bd1fad20000000982dd5b43c3312840e47992bf0ed64b1b9e3b437f14f2cf4f07f0aa9c850bb0040000000072053187cffcd28d2598612392e124865e0065a58f0fc5c0f323efa3d79f51b476a30b9518831293a8ed251be560ffb104934c0a5ace957ab71e9882730333e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2148 wrote to memory of 2524 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2148 wrote to memory of 2524 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2148 wrote to memory of 2524 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2148 wrote to memory of 2524 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48bc4159ff1babaae820451a3bc39ec_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2
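The two signature classes that dominate this run, "Modifies Internet Explorer settings" and "Suspicious use of WriteProcessMemory", are also the two that a real IE hijacker would trip, so the useful triage question is which registry values were written and whether the memory write is IE's broker talking to its own tab process. The script below is an added example, not part of the sandbox report; it classifies rows of the kind shown above. The list of hijack-sensitive values, the `SCODEF:<broker pid>` rule, and the two hijack rows marked as constructed are the example's own assumptions; the other sample rows are copied from this report.

```python
import re

# Added triage helper (not sandbox code). Classifies IE registry writes and
# iexplore.exe -> IEXPLORE.EXE WriteProcessMemory events from a report like this one.

HIVE_PREFIX_RE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\", re.IGNORECASE)
IE_ROOT = "software\\microsoft\\internet explorer\\"

# Values a browser hijacker rewrites to redirect the user (assumed list, not from the report).
HIJACK_SENSITIVE_VALUES = {
    "main\\start page",
    "main\\default_page_url",
    "main\\search page",
    "main\\local page",
    "main\\secondary start pages",
    "searchscopes\\defaultscope",
}
# ...\SearchScopes\{GUID}\URL holds a search provider's query URL.
SEARCHSCOPE_URL_RE = re.compile(r"^searchscopes\\\{[0-9a-f-]+\}\\url$", re.IGNORECASE)

IE_IMAGES = {
    "c:\\program files\\internet explorer\\iexplore.exe",
    "c:\\program files (x86)\\internet explorer\\iexplore.exe",
}


def registry_path(indicator: str) -> str:
    """Drop the '= value' part and the per-user hive prefix from an Indicator cell."""
    key = indicator.split(" = ", 1)[0].strip()
    return HIVE_PREFIX_RE.sub("", key).lower()


def classify_registry_write(indicator: str) -> str:
    """'hijack-candidate' for values that redirect the user, 'session-state' for the rest."""
    key = registry_path(indicator)
    if not key.startswith(IE_ROOT):
        return "outside-ie"
    rel = key[len(IE_ROOT):]
    if rel in HIJACK_SENSITIVE_VALUES or SEARCHSCOPE_URL_RE.match(rel):
        return "hijack-candidate"
    return "session-state"


def classify_memory_write(src_pid: int, src_image: str, dst_image: str, dst_cmdline: str) -> str:
    """IE's broker process writes into the tab process it spawned; that child's command
    line carries SCODEF:<broker pid>. Any other source/target pair needs a look."""
    both_ie = src_image.lower() in IE_IMAGES and dst_image.lower() in IE_IMAGES
    if both_ie and f"SCODEF:{src_pid}" in dst_cmdline:
        return "ie-broker-to-tab"
    return "review"


def triage(reg_indicators, mem_writes):
    """Count events per class; the dict doubles as a one-line verdict summary."""
    summary = {}
    for ind in reg_indicators:
        c = classify_registry_write(ind)
        summary[c] = summary.get(c, 0) + 1
    for w in mem_writes:
        c = classify_memory_write(*w)
        summary[c] = summary.get(c, 0) + 1
    return summary


SID = "\\REGISTRY\\USER\\S-1-5-21-1340930862-1405011213-2821322012-1000"
IE = SID + "\\Software\\Microsoft\\Internet Explorer"

# Rows copied from the "Modifies Internet Explorer settings" table of this report.
REPORT_ROWS = [
    IE + '\\Main\\WindowsSearch\\Version = "WS not running"',
    IE + "\\SearchScopes",
    IE + '\\Recovery\\AdminActive\\{9B200381-295B-11EF-B6C6-7E1039193522} = "0"',
    IE + '\\Main\\FullScreen = "no"',
    IE + '\\SearchScopes\\DownloadRetries = "2"',
]
# Constructed rows of the kind a hijacker produces; NOT observed in this report.
CONSTRUCTED_HIJACK_ROWS = [
    IE + '\\Main\\Start Page = "http://example.invalid/"',
    IE + '\\SearchScopes\\{00000000-0000-0000-0000-000000000000}\\URL = "http://example.invalid/?q={searchTerms}"',
]
IE64 = "C:\\Program Files\\Internet Explorer\\iexplore.exe"
IE32 = "C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE"
# The report's four WriteProcessMemory rows (PID 2148 -> 2524) and the child's command line.
REPORT_MEM_WRITES = [(2148, IE64, IE32, '"' + IE32 + '" SCODEF:2148 CREDAT:275457 /prefetch:2')] * 4

if __name__ == "__main__":
    print(triage(REPORT_ROWS, REPORT_MEM_WRITES))   # every event is browser self-activity
    print(triage(CONSTRUCTED_HIJACK_ROWS, []))      # the constructed rows are flagged
```

Run against the rows from this report, every registry write lands in `session-state` and all four memory writes in `ie-broker-to-tab`, which matches the verdict; only the two constructed rows are flagged. The value list is deliberately short: extend it with whatever your environment's policy pins (proxy settings under `Internet Settings`, for instance) rather than treating every key under `Internet Explorer` as suspicious, or every IE session will look like a hijack.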
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s19.cnzz.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 117.45.3.100:443 | s19.cnzz.com | tcp |
| CN | 117.45.3.100:443 | s19.cnzz.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 117.45.3.100:443 | s19.cnzz.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabC50.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarD01.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32e0d2e979c9c4af403ab9c9a4b33052 |
| SHA1 | d7812d0f724fc7ba3431c3fa60c7076b84d0fd82 |
| SHA256 | 7c56ae2b84954ac9a743c2167a2524ccb0fa6f3f9e7ba4a9f565857f803abd8d |
| SHA512 | e741d85aea2c215e606720ef2631a3b2531ed0ac1921610cba3cbb8c5719060b721aebfd73d546970b067ba4caf01c62dcc2117c0c866ccb2eeefeca3a92cf8b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b77b5fabbad2fe24126587f65539ea89 |
| SHA1 | a2e3c42a7c6a787535873d97a239d5381ed62b78 |
| SHA256 | 1287547d486da37293796005ee9fd79e87fec7b42ae0acd39c4640b2e44ef215 |
| SHA512 | d09a654159ff4ec3f6666dbc9f09befe0a73ea38a60b8440bd08e1bfc3724b7b2dac4daafac053fc9c1ed8cba9cf581871a8c76fd9448c63aa2c17d8e30d774e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45059e8316a8aa5681010cd05e29448f |
| SHA1 | 74f74d6c4cbe09c5f8a50ebce41716c310d0c03b |
| SHA256 | 646770b85f0ded5800d09b66c27781d6169336d841436bfd5de95f5ab99157e3 |
| SHA512 | 5fc7ac5fde5b5f3457f0a0c2ba5f5d6275ff429e67cbbbb3b524a1f00b3ff0b42f8de149a1d48a9675d55c76b670764419058246e6344002c8e2908ecde25ce0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4341a9bbe705f6cf4f5adc10ca4bdb08 |
| SHA1 | 002299a93ba8184ad7b55a195be9b60238bb1a2a |
| SHA256 | 163e92e25c8c9c932bc5ac68f401d5cc0ebdd823818f4d498e67d99a50950615 |
| SHA512 | 72cff6178318f0ca235383c94cae87cba7fe86b81774a4ac6cd3b6a872508be65f61bcf0ce305ef21005c0eb749d9a9e0e222f81dfe07c6cff832eceb8487e6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 434f570ec2a59b0b927e0ee2cc426559 |
| SHA1 | 086fa477e4093b3ba1f622009db6514baffb9329 |
| SHA256 | 531c36d6e9008a9d54daff8a7145632f90375c11a81d2d32d9ecc77e1fe7f5ad |
| SHA512 | f4f05c42408068ae4b9961fdc161f5ed8ee6f936980eb21fa3016594c33e61702c1b0f0357d530ec9cea0ae737644ce6d32722797eeb244d914e8a8aa3870948 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e13e6c93206f68e2624aa91288d447b |
| SHA1 | 7c5371238b61e219a163468b8cf7ce78ab447390 |
| SHA256 | e8b802b84b163e0f744f551c8404444d86c0682e828c7219daa5406d335d317d |
| SHA512 | c80cc3bbe194422398c85eb63c5901319e05626cb705fb4a4c6756b85104c4ae6937a4927fb99b4f6072ed2283d197f274de4fdd8061b2a50757067a9aa844f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c3cf2c353f9f9f7c71259ecf713d383 |
| SHA1 | 3b3f819809d2e7020e935c5e334008269d2044b2 |
| SHA256 | 862d39722ab0dec436f7650f2b1ccbd2ef00596a85615dbb048ce7c59516c195 |
| SHA512 | 73825f97976a8920dc078e7dd0ebb161979979b0f011ed745b11477f03bf95cfa9e3c7f276485cb37872c211afe1ab3088a50d208f336dd23040e631d649d8e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 299311b3686222360f0b078d88f55483 |
| SHA1 | 588343dd48c0840bcd3bab1f38c009e00ef42468 |
| SHA256 | 26cbb06ac237287e6de3bd59a155c72d6d94da2add052ab1b03ac27a0d7d3c30 |
| SHA512 | dccd65ca27691f303932f41caf2f6c4b32330d91039dc809344a35ee7c7c9ad8bdb09a0d276b0abd9a80ba3537f49905babed3d2a8d2577f7e67a0293acaf857 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5519c6f950ee84f2900b15393d6ddb3 |
| SHA1 | c67ee40c44ac0d3e43d9654e4bc3a87e5e2347df |
| SHA256 | 7e9de943359a5d195688af4d043e672779a9efc0132b2aa2b4c4fe8384ade798 |
| SHA512 | 710a2ac835d555af2b2a1af6cb8bdb6e534089007724b631634f8ca13ac197d4a539d0df616d47a1920c3c031b6ff97229ce1dbb8830e87ab2dc4edc21b7f590 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 490dd87c9fa7e473f502007689b7c838 |
| SHA1 | 050a2a59b7edf59c3dd1afe79e05269d6a398711 |
| SHA256 | 4e269f3964680571dd366a91bd030dfbb676625eca30ed99926f3c41c3a158ef |
| SHA512 | 410af8659ffd572b60e77375a7d3735f9cfade7cb6bab02b9498698032a70f9634ceb996cdc569f43f5849c5d496c69b09805dfbc75b213ba096d75ccc049751 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40d053a2799fac05d20c147c344c31da |
| SHA1 | 4f92c8c5f94934e82d9d663495c1dd738b582e61 |
| SHA256 | a67d484ca839bab35fa8b53cb961f698918cff268b3069934ce6d65409fafe68 |
| SHA512 | efc8271e278285bc3bb124f5f21effbe0724fc48ad4cad93a94b586362bd29835183b53c19d1c82249d65a8ad71fc804cff75beec2706cb2df4dc4335f035076 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56646bebb1942373ec0febb0090390ee |
| SHA1 | 4fe96593a941e065e122309713d1dbb0729cf303 |
| SHA256 | 89015905453406f69c66cd6b66c7e8b2ad18cf684570fd56d7a27eeac2ab1eab |
| SHA512 | 2d329514c8076f7d0cd3f47a62d13e6114dfc14d5467a748420dda0ff566996be74914d736fe300de4003d1c558c42888abec9d2be41764330c71c7825e33b22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5b2b064d2ab34b0495007b502fde7d6 |
| SHA1 | d6f77caf776478d0b5dd4e6903c44b3c35f3738e |
| SHA256 | 2101bc2a657bb8f37ebca16c906a25759a65a9cf700a0ab299ecce12ef3a60d2 |
| SHA512 | f315fb751bb4d9cffd72dfbb15b3391ebc8b5c187b19ccc561cd63d8d87fccce5e649c3c3d1c1e0141d02ff90e549513263276d05d29d0fa1185a9c4bc90caf7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f184a90d010faddaeb273f5db6b542b9 |
| SHA1 | f20593ad595a9058df7bbaad08edfccdc9673302 |
| SHA256 | 86fa977f8994703749e7be4e7c28ba795d00ffed8c4781527085280cfb0b54bd |
| SHA512 | b096881a9cd79627c5f6cbfac56cf2a1463d8ad04ac991d4be093e8077513625428f258c4f9d9b6f18ab5bc85db5a7bb58adecccb3e2b2bb0bea17a892b4f8e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0808119739df9284e45b55fcabd0302 |
| SHA1 | 283dae21b1d771f986afd21d98d362f1e3926a57 |
| SHA256 | e91819fb3fa55fbdb0d704b138bade03aaa3c829b8e4e823f99932499065686b |
| SHA512 | d89a813cb9bfc1fff0b1a62377df246e9ed2c754cd3513e096dc4deac0a7d585f0197ee578e6b206ff1ead345bc2b2cafcbced33afbaa7517ee941f1083cbc07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2790e5ec7abc31c3e18baadd45d08747 |
| SHA1 | 0eb4f8f5a744909d80de90e57600233800570f37 |
| SHA256 | 3860da0763c4ead533cd0a29b59c303aa44e5dea2f9f92d0a43b665edb4935b6 |
| SHA512 | 254edb760db093c5a5c7967f3a5623b42809bc353e2496ed198f70b9a953db6ed98d7b87bf63e8bbe7d594f13fdee705761feb83f1acb7a0d2cb7958abb2e6a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 423eb953e7d8818bc83b5a966865c343 |
| SHA1 | 3379358c7d73c79204a6f061fb2283af1259c2a4 |
| SHA256 | d14994966441b49d2342d376087045a6660ea1a5e0021ac316dac4c083a32f77 |
| SHA512 | e007f062e1136efc30c579a52a6cf5817293176b4b152904b710839903af62130d39c36435f35dbdf3ab8226552396f362fa39d8df262b919c01489313525676 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1434a22569b148d1d5b385f28bc98203 |
| SHA1 | 12afeb3b26389aaa9b0dd671ef6681398c627e92 |
| SHA256 | 99d95a5751cc2372b997c9447c09beb1e782627699e94c114c18816758c9bdaa |
| SHA512 | a0360ec24b4d6360f50a56e5b4d1a22b66287996a7c04c3a9629c5603f14dc5b7d9b71f2c4e7bb02876343a27d0658837979e95c9e08192d06f943153469d264 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22f9020049414725f3891fb41dca4f5d |
| SHA1 | d1d7a6bb8c7f09ac116c2fd6218a7a721249a767 |
| SHA256 | d3e1ea773d46c0044bef725411682359507d4e1dc9dd39c5913db81ae837cc00 |
| SHA512 | b86071e806102cb3d622af082c55e1a8a3ec3321bb4a2f66ca31ab7506d828a3050fb2442cd07c87c0089d322e2541de807b0eb565169a184652ed9f7a7cb34e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b1c616e51c904e4ccbbbf7b152a837d |
| SHA1 | db0e509bfdb03039148c4742204cc414a86a8e50 |
| SHA256 | 2c82831e896bab28d2df761a575cf1b86aa248707fdf30086916d4cc342ccd24 |
| SHA512 | 029f9191cfa108d3c7b1a9a56184daf53ef3788f99bd2eea9746320a0f8c24b5b7bb7d1cc6c07bfbb746bb8d91c3506055d0885b2119000e37faeb4c7681b3b2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:04
Reported
2024-06-13 08:07
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48bc4159ff1babaae820451a3bc39ec_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe986b46f8,0x7ffe986b4708,0x7ffe986b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10249852429221628794,2518852879590817707,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10249852429221628794,2518852879590817707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10249852429221628794,2518852879590817707,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10249852429221628794,2518852879590817707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10249852429221628794,2518852879590817707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10249852429221628794,2518852879590817707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10249852429221628794,2518852879590817707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10249852429221628794,2518852879590817707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10249852429221628794,2518852879590817707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10249852429221628794,2518852879590817707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10249852429221628794,2518852879590817707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10249852429221628794,2518852879590817707,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4672 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s19.cnzz.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
\??\pipe\LOCAL\crashpad_2392_XGGMNIQITRTHDGST
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5f87f6c47344c2388e43fa68d941decb |
| SHA1 | 1a96b02b5d40e58c35985449c69338086abdbfa2 |
| SHA256 | 3dbe721050da7a5b3befe1766af1b76367cb616efe7236bf1fdfcc135ca70563 |
| SHA512 | 0bded33685e31038e53ee312dc520aa27ae635ff76d804e9678956bab0abc4ac013df7d12689360304c483eb1e39505170b30887c690e4218f6913d284eac3b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 590b83c12a51ee5dfb2eb4ffff3ec887 |
| SHA1 | dd22c797c240660f2bb0a9852704a3b33a73aefb |
| SHA256 | b60c501838511b885aa5b75bbc682c42b0e68b1dbc0f2aaa08742bf4c39daf87 |
| SHA512 | 5dc3b1e5def1ca0e53c5521c8f8356de420c1f8dfd2db1a62b2436797978f2adc618c70a8cc8fc2e560aae516bd8e9dc3288b4805b3e0391f85320b5c648e4b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1c4285182e7fc809e063b79ccc0e3ed3 |
| SHA1 | 9847c0abe86776ebd3d0751ad55084b411df68ed |
| SHA256 | b01b6210b0e3949ca509d1d0b46e90e8cec804eeb169bbc928e809b5fa68a896 |
| SHA512 | fe4f8aabd170b8c3d57cc8d5a24bd940c98cb8c05d16202819eeb6a75dfcd42b09c0a86819489028b12d3e0dcdc04e0f7c09e7eb8e23a5ec595c1565bee506b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fca1f441acd62fc8f790fea10143245b |
| SHA1 | c4d2e41d6b76a485347ecd57f236b0e99d040462 |
| SHA256 | c11b740ba3cdeb0061a113f46d26f163a2b1247486281ab8748e61b20812f040 |
| SHA512 | 4c5ff828588ebea5b69dc5ba4b6d267fe9a03ae71ddef58af2fafe80e5a82982d7b9e6e862e9dea2e083c02db374e5bed8175c7a70ae17afe670d77fadb245f9 |