Analysis Overview
SHA256
6f1de93df3abd55daff04c59152140ed6d31b398bf78c72f4552c1bfe80323e3
Threat Level: No (potentially) malicious behavior was detected
The file a48dae5b6386fb176be81bef086c122b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:07
Reported
2024-06-13 08:09
Platform
win7-20240611-en
Max time kernel
137s
Max time network
124s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F3B75D91-295B-11EF-8144-CE80800B5EC6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424427906" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000077ae990fefb265b1939566f1c529536f12d120b4c39543fd4a192234cec4dcb4000000000e800000000200002000000053085b3d19196f54ef3cdd05c6d5fb0fb031d15e2cae4b2d0ffb66a039e4042a900000000bd9c01fa37c10f1508a94edf2eee0513d8500a4468f44737d74a0da2ad4664d14c24a79bac5a913a95dda4ea7015f1561626d993ed74f1ed5900bb72a00d95d117e2bbf320df8537486bce82b5c4de6777682c9a693c83a256b52c5a9497b7ef1a1a9e5cdf10ab30136c55afb834edeeb6e93a39d7fa36d50db85aad0ed6de963796890c8a23336d01a7db28002a7bc40000000b109b62ed31f10c2b3a4e49e5cef77049ff3f28877224800b20242638aaa166bfd1e3cd1b98ccfe064ddd7f9c08a423a6836d29f1d69a74e2f3ed76f8d1173f7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000555a90761dde87114af8ab835f5d2937474efe041e9397b3a82cd78cf892a76b000000000e80000000020000200000006fea776753dcac66de08c8859c9b0dd4bbb21c934d0eaa7050362b47a7fe21af20000000c1bcb04da99b62aa52da62fb6d78d2e824871590d61736893e69587c68f18a7840000000119ca712035b9fffab28b2e742f99e7300716f374451cae35e64eaee705ceec299c117e485dea96a9471cb796280b08f860b48556c6d909acc5000bca714f0be | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0ea910769bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2240 wrote to memory of 2100 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2100 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2100 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2100 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48dae5b6386fb176be81bef086c122b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s19.cnzz.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 106.225.241.86:443 | s19.cnzz.com | tcp |
| CN | 106.225.241.86:443 | s19.cnzz.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 117.45.3.100:443 | s19.cnzz.com | tcp |
| CN | 117.45.3.100:443 | s19.cnzz.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 106.225.241.86:443 | s19.cnzz.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 117.45.3.100:443 | s19.cnzz.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab50C1.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0291e968c8d2a215ebb292b6afa03ecd |
| SHA1 | dd27924e067c72f2ab6d13b818a9d88faf9808ed |
| SHA256 | fb5375a354913d1f522056240951602658b5a1ff006cb534baa2f395f7b71333 |
| SHA512 | ddd540fefde3aab58807e2233a4d63f3df39eb1a0b0fa1b1eb762985deead3140ae5af06a12dbc465d63651f4b3082536d9729a43885f2d56bed67001af32e1c |
C:\Users\Admin\AppData\Local\Temp\Tar5160.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69301793ac38b4780b1ad688246635c8 |
| SHA1 | 040732b18914166ecb3b43fe87e08de4670ea118 |
| SHA256 | e45c5941a47975852447d132f7321a71e9cac8c302698f8b9ea66505138896bd |
| SHA512 | 1614967a226718003795f44aec94c7fc640e4a09db188786442adedda86204c864412139b4b73c574deb4c18e06dcf5578d75cf43eafef4ee27e8d778dc6e73e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2aa2e47da577ec84fd385f7a5f5aa25 |
| SHA1 | e8f9f6f9dfbece527f3ac10d72f70bf2c27d9912 |
| SHA256 | 3a5ba28c6617ad8a8a3932154bf1711247f25dea6bab777f03a126b71b603830 |
| SHA512 | e05cf3e22432bfaff7c95d9be2e2e236dda64738cd7d8e8d4607f47d9d210e071e26149e4611cdc79154628f53a2e5a9874fb3f8e5b5818137beddf1442b2de9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f07628287f955213431b6e436a46c68c |
| SHA1 | 724c56fc68f44d058c5e8129ff76874ddc59ef4f |
| SHA256 | 1a940b2cd028207f078233581ccdda88b0891cd9750f8bd6a72ad0854bc6f84e |
| SHA512 | 155d5516834cf0862efd7efda5c39c1000f71f2d3169fd54a74c60b2eb02f6e836844c8af20f1caea45b670679e5ec4e233009e1c3454ee3a8133fe12f9aa5a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45e5e0ab57620129dea2406d48d444e4 |
| SHA1 | 6e255aa1f988b1de6f16c1f94499350d9bc4f742 |
| SHA256 | 5710dd9cd98e7d296669efa4e2ec350e5a67d6844e65518b8075cdf25e4e2206 |
| SHA512 | 9a5cd55717b3bf557d0f444ea860603bf1e2178f8a65b7448e1b0b1bfe4ebb93019b786b6ddea345ac48ef5b6616527321833da5be631aeb1f7c2482008126df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b88d40c72e3eab26a0c0dbb5911bb71 |
| SHA1 | d73af5546b7c2a51e26ecd7d49711ea58e81e8d9 |
| SHA256 | b31b276e237f816ff5e3db6a2e4733abc34fdbe85511b821d5584b2c859a9f13 |
| SHA512 | beff9f78f51e20df34a30af40f9c2ba70c2c2afeea9034be460e699466e17d3cf1f2612091cded1f4bf45055fe7d8f134702ffb4effe409c8158e8e8b0bba2d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 101b073fb3b9b1788e9419cb8bbbf1a6 |
| SHA1 | 6c4a1ca443c4cc23712caaf2985dd3a62427ee94 |
| SHA256 | d3656e53571783310ac7305545a1bb9b0bcc19dac137a9488324a0bcf2e0dbd5 |
| SHA512 | dfffda11145ecdba45aac7fd79a716d13758a56de3e8fb2cb241dd9c0a162cb8afec71e0ed8dfa3629ac13ce1f749f1a8a7d9d6f03a5921671efd8d5123dc79e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d41610d3074dd7d4ebde91886722c39 |
| SHA1 | a6d36b55588de6e1ffafdd8dc8292bb64b96eff1 |
| SHA256 | 6d1764a781537b69c80c97e030fb321f8f514cb144a33ba5dcabd98a7d65ee2c |
| SHA512 | bada8a6c6558a07037d1cbfed65fe238aeccf656bb3a9a29a52e208a450d36c559d6e7c0e9feebe5e2638e5b107bd11350af7da98672af9af109982cf158724a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed07d617994e9ca084d186f31c544a1e |
| SHA1 | d364dce8f8e9a7d5b6604a01d0d11bcf24708337 |
| SHA256 | 604b79e02f358e70b35f3360dcfd524e01c52726a290d930a3951b370d6fc166 |
| SHA512 | 4468bc788e753cd06ff67601ae8b95a402d689381cedd978350ebefa2b113f098062e4fd93ba9b0bc0a0296d7dcd268fb8439660988ebc8888434b1bd2c654ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b81d7d98ffe95b0da26b298d6c93b11e |
| SHA1 | 59dcf1d36dfd13a1032fb537afc6f101604c6e7e |
| SHA256 | a23ff541b5521d09f77ad64a94bf9c3cacfedb5199c5c103a85db9a67a37a663 |
| SHA512 | 136e58888efcbdf5c761b8a25d9a3a75340fcc13bc74aaee5b52fd105cdcf58066324434681216e994510cb42c6387bf0a97bad3eb8d69c40d7750edf8c44cd9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9485c53c05d1859cf126a5e7c2738d7f |
| SHA1 | 439a83d45a63c99ada83aa81fbeef582983f238f |
| SHA256 | ba4e93d09eccd46c3388196e6015de8c0ef860b7730c80298c7b31db352bd01b |
| SHA512 | aad0f6ff67901067c3e307705473654c85d8e994ab5974abde069ec2dd23a3ba4dbccd4c681d9b5a8ab7865acd490ede56a89620127bd57a9446706b0c7bf408 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a770d5e4bec00e1d22c3787454961d3d |
| SHA1 | 9c536bede1a53d428cd46eea477fc980f9d8f411 |
| SHA256 | 0cd97627fdfa2eb42631deb196cb1056ccf5bdaf45bb3573e07ea841d06767d9 |
| SHA512 | 4361c87321282ddea61db1c5f8a4ab2955c4e832424530fcbbbaa2be43d68f5c5e26f8d73c08915e2e7f75ee03d5b0b2e6e1cb3748a2e736138ffb2ca37cd833 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0dd435072afcac8e5794f1e810f01082 |
| SHA1 | ffcf782d276527a47192e5c127affbd2a9f14788 |
| SHA256 | dff102c7ff850cf83ebeb6cf60e8e673b7e54605ea747cb487174f15c29602eb |
| SHA512 | cdb1e3ef18d5e854c42b474bad0ebe460d1cc3c1a16cea7cd6261fe85acb9a550d108c5161dec66bc15f73dd4ac9eabbdde845283c87a2d1daa1f111a65118e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 710f02712bee7a380d9d78e15273386c |
| SHA1 | 9431875bb20b46f0f83e4f452d52288b5a13fe7f |
| SHA256 | 213e0b41aabc30649f5940d7b4445389435dfc281da68d71a2fff0da855bf138 |
| SHA512 | bfbf7ba4063c78958616d32357ee95ef4ce6898c53a891bc181b7cdcd1bfc9ff89772cade4cb0a6a551d83833620b7aef247ef59a44f9c1505d15a3b55fa92bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93a1a6fcabbe513a5bc3bb795b028573 |
| SHA1 | bbc65012601c0845a4af8a64c8f9816e2de0ce5a |
| SHA256 | c6f21d2c1773fcc25fe3dd4065baa38a5d0b46c458a7c0ba48170409744093be |
| SHA512 | a659ed9fa1ab4d82713b2e234a0d14987662e0a847de23a46814d19fe05e3879a9157d1983b89a6517266271ce3cddf0beec661d6ad885eb15f1d66760e233a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fae8b121a98210b9de26cc80e06e6c8d |
| SHA1 | 746e0b2ea57718938906ed361de3969103b15eac |
| SHA256 | 8117c3b664e73823a1e90e803d00b45694ee5d0c5ee8628e2c964eba77f7469d |
| SHA512 | c3c2029defaa9808bd6f6d3cf9eaa065f48c520418f7789aecacb94847ef45d276ac5e1935636d43a762bdc78d5eb190c03ed07259eb2f0ec858d2b531797637 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc17f292458c2911da0ab2621c517503 |
| SHA1 | 4fa133ab867b3e700abc86b717be9056f2896974 |
| SHA256 | 30ff038eda11fcbc7b599249688803944cb0db7c8d31b65242a2b3ecdc7f2f84 |
| SHA512 | 836ea7c35fcd85e595e0d02e1e41b35517c0298626b354ce2a4a06cb911e988b973a1092fe631710c250e6ec39d82d1c9ecae1884a44297f432052716994bc0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3876234c5e3b60979794a3b65ab5f081 |
| SHA1 | 8f530f8b4119c13347b0c22db4a16e81e6991645 |
| SHA256 | 3c64b76574e556b151fe7fdc125d91297b639d86f1175acc00505a30fbd9cccd |
| SHA512 | a2aac035dac283a702547968e075e5fa2f5df2f3dd3b4e771b41560ac7c12c2e2926166d8cde3901bbb761ef0eb9fbc8847eb03a48d56b88bb224132f37d57fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbb590d7e8f602dc3ef2fd22b9f83ce7 |
| SHA1 | 587b3521947f837f0fe076f84bd58ceb05764fcd |
| SHA256 | e939edbcc38dd399d1e38c68ebf4aadbdcf623c1bbf047104aca976205b2e49e |
| SHA512 | 61dc059aa7957f9bd0746ceb1bcd7cc9c85e6f0e7790e93263f5fbea92115c03fc50af2b9118cc8730da2d661d177a97c57eba136a49164ab15df2afdada7f82 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:07
Reported
2024-06-13 08:09
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48dae5b6386fb176be81bef086c122b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef94246f8,0x7ffef9424708,0x7ffef9424718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16013881610501898973,11441532887936727797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16013881610501898973,11441532887936727797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16013881610501898973,11441532887936727797,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16013881610501898973,11441532887936727797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16013881610501898973,11441532887936727797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16013881610501898973,11441532887936727797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16013881610501898973,11441532887936727797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16013881610501898973,11441532887936727797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16013881610501898973,11441532887936727797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16013881610501898973,11441532887936727797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16013881610501898973,11441532887936727797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16013881610501898973,11441532887936727797,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3212 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s19.cnzz.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_1496_WSJORPJFANOTJGLM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b5e1453581522a1028422a15762de6b4 |
| SHA1 | c2303a814826b994087d85ae3248b9c6b75a985f |
| SHA256 | fc5cd1f7aa4dba4abf202ea6a789bac72903427aae1d9094b2f5cacf96ef0714 |
| SHA512 | 82933e265f06f9e7908765b0fa056bb6e51dd048349ab3f56ce8bf3d65f7173b66f434002e143d918a6eb8c45f94c692919bccc3bf626229017fcc83e99e819a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 41abc19ca3e1d23214d766bf795ed710 |
| SHA1 | b3d939248f40134633454152a6435198f7cbc79c |
| SHA256 | c98e784e162c21d5463640dc2d644b177f7d3f49512e4ef65551557bda271d02 |
| SHA512 | 5470a8d2212e2890075ce338e379fd797e225ae1090136430c3c2f103f6424d1d9511bf9930ad8338ae013220d3f4c37c15a1ab1afb04e1f2fcfd9725bc4eb37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |