Analysis Overview
SHA256
6573b41928a2618da24346594a9d3f94e75830a120493f7ae54f8ba5029665d8
Threat Level: No (potentially) malicious behavior was detected
For the file a48ce2ab7786f7549812cd3396b10db4_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:06
Reported
2024-06-13 08:08
Platform
win7-20240221-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424427834" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0d8ac9d68bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C90791F1-295B-11EF-93E2-EEF45767FDFF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009937ead2a2e27e42aecc87b01b21cfa2000000000200000000001066000000010000200000002079a04d0de3555e1c9985df77b51f03e31865c9c30dfcd295be0fb53ff570de000000000e800000000200002000000021584e41d4999d8fd7a246773f47baca9f3f6dc3f6bb393dc20d55543eb3041720000000b2faac8de36bf970d6a5f1288aee6287cf2df2db78e8a144a1e15d2c2b9799a240000000231e6275e89d36370d1a528ca4f6b87be77537eccae57ffce6d31dd2e751ff344bb149ee86f8f78d17d1db2b3fdfdda21adcce8924ebe70e0dc9eaea0ecfc4e7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1580 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1580 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1580 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1580 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48ce2ab7786f7549812cd3396b10db4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1580 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.studioretazzi.com | udp |
| NL | 40.113.121.14:80 | www.studioretazzi.com | tcp |
| NL | 40.113.121.14:80 | www.studioretazzi.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
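Added example (not part of the sandbox report): a Python triage helper that applies the three checks a reviewer would make on this behavioral1 run before accepting the verdict. It asks whether any signature fired in a process other than the browser itself (the sample is an .html file, so the browser is the only thing that should be running), whether the WriteProcessMemory rows are the IE frame process (PID 1580) writing into the tab process it launched (the SCODEF:1580 argument on the IEXPLORE.EXE command line is IE's tab-process launch convention), and which network contacts remain once the browser's own Microsoft endpoints are set aside. The signature, process and network rows are transcribed from the tables above; the browser-image baseline, the `.microsoft.com` allowlist and the mapping of PID 2476 to the x86 IEXPLORE.EXE tab process (taken from the WriteProcessMemory target column) are this example's assumptions.

```python
import re

# Windows paths are case-insensitive; normalise before comparing.
def _norm(path: str) -> str:
    return path.lower()

# Transcribed from the behavioral1 signature tables: (signature, acting process).
SIGNATURE_HITS = [
    ("Modifies Internet Explorer settings", r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ("Modifies Internet Explorer settings", r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
    ("Suspicious use of FindShellTrayWindow", r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ("Suspicious use of SetWindowsHookEx", r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ("Suspicious use of SetWindowsHookEx", r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
    ("Suspicious use of WriteProcessMemory", r"C:\Program Files\Internet Explorer\iexplore.exe"),
]

# Assumption: on the win7 image only the two IE binaries are expected to run for an .html sample.
BROWSER_IMAGES = {
    _norm(r"C:\Program Files\Internet Explorer\iexplore.exe"),
    _norm(r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
}

# Process tree transcribed from the report as (pid, image, command line).
# PID 1580 is the frame process; 2476 is assumed from the WriteProcessMemory target column.
PROCESSES = [
    (1580, r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" '
     r"C:\Users\Admin\AppData\Local\Temp\a48ce2ab7786f7549812cd3396b10db4_JaffaCakes118.html"),
    (2476, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1580 CREDAT:275457 /prefetch:2'),
]

# Four identical rows in the report.
WRITE_ROWS = ["PID 1580 wrote to memory of 2476"] * 4

# Network table transcribed as (country, destination, domain, proto).
NETWORK = [
    ("US", "8.8.8.8:53", "www.studioretazzi.com", "udp"),
    ("NL", "40.113.121.14:80", "www.studioretazzi.com", "tcp"),
    ("NL", "40.113.121.14:80", "www.studioretazzi.com", "tcp"),
    ("US", "204.79.197.200:443", "ieonline.microsoft.com", "tcp"),
    ("US", "204.79.197.200:443", "ieonline.microsoft.com", "tcp"),
    ("US", "204.79.197.200:443", "ieonline.microsoft.com", "tcp"),
]

# Assumption: IE's own telemetry/SmartScreen endpoints under microsoft.com are baseline noise.
MS_SUFFIXES = (".microsoft.com",)

_WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def non_browser_signature_hits(hits, browser_images):
    """Signature rows whose acting process is not one of the browser binaries.
    For an .html sample, anything returned here is what actually needs a look."""
    return [(sig, proc) for sig, proc in hits if _norm(proc) not in browser_images]


def tab_spawn_writes(write_rows, processes):
    """For each distinct writer->target pair, report whether the target's command
    line carries SCODEF:<writer pid>, i.e. it is the tab process the writer spawned."""
    cmdline_by_pid = {pid: cmd for pid, _img, cmd in processes}
    seen, out = set(), []
    for row in write_rows:
        m = _WRITE_RE.fullmatch(row)
        if not m:
            continue  # rows with no PID info ("N/A") cannot be checked
        writer, target = int(m.group(1)), int(m.group(2))
        if (writer, target) in seen:
            continue
        seen.add((writer, target))
        out.append((writer, target, f"SCODEF:{writer}" in cmdline_by_pid.get(target, "")))
    return out


def external_contacts(network, baseline_suffixes):
    """Unique (domain, destination, proto) triples not explained by the browser's
    own endpoints; rows with no domain (e.g. mDNS) are dropped as well."""
    keep = set()
    for _country, dest, domain, proto in network:
        if not domain or domain.endswith(baseline_suffixes):
            continue
        keep.add((domain, dest, proto))
    return sorted(keep)


if __name__ == "__main__":
    print("signatures outside the browser:", non_browser_signature_hits(SIGNATURE_HITS, BROWSER_IMAGES))
    print("WriteProcessMemory pairs (writer, target, is_tab_spawn):", tab_spawn_writes(WRITE_ROWS, PROCESSES))
    print("contacts to review:", external_contacts(NETWORK, MS_SUFFIXES))
```

On this run the first two checks come back empty and consistent, which is why the verdict is defensible; the only artefact left to review is the DNS lookup and HTTP connection to www.studioretazzi.com, which the report records but does not characterise further.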
Files
C:\Users\Admin\AppData\Local\Temp\Cab4896.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4998.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8cdcba9f3b368139ce4f852a059aa56e |
| SHA1 | 2e10cb0f35a52ced6126f5e00c79fecddba4a265 |
| SHA256 | 91e52dc8f1a0a17bbefdd8d9e5438679c6e209c46bdffdad1620fd74431e0007 |
| SHA512 | 9a45e6ac5a3b9b408dbd1951c62dd47dbce92157ae2bf740ae0be6c2061adf1f777f508fb249f9b07bcab76851e7db240ef76dd45460ecccb7a85f0e0436d157 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9245ce472f36b5543376f473b76660eb |
| SHA1 | 7671c57568a3eaead0c525bcefc53f09a40c27f6 |
| SHA256 | c73f383205eb31ce1c1bd3e29e96a4b566d18b2a9db1abf92869a6e984bc2f84 |
| SHA512 | c7a8dc5770448a05dd214d442424d36d65101afb4168f71ffa37c186f5bcd7666ed0d646ad3a87f2c407debbe11806f1771cfb1c0c2436451c1fd6a84527f5c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc28dd762b0703c88174383dd97c3eb0 |
| SHA1 | ca328215efb0147687c890131746acf29a9ca062 |
| SHA256 | 143bd9c32cc0c7b73139990a38379d0561240ad92eb4127cb03ba8bc0a2fe94f |
| SHA512 | 684bf1837ea18249f5430da099ba2929468a218993cd734d25e72ef8c164056e6b1305ddfb00cae63376efe4ec3b3bf88baa1cfbdbca49371f67ffa3e8d7277b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfe4e71a4d96b60b253df11fe6d02054 |
| SHA1 | 8cb6914a9f83d8918fe84ce10ac4eed078a76762 |
| SHA256 | f86cd5fc34234701c01691fb44159bc9654277a0d4897b2dd5a0da5e2636c1e8 |
| SHA512 | 56f74e60ba0cc982b3b17de71572bd1235717467a0f7dc3ec334686103dd4f727a7a8b38ec3a2b6365849d4b9789fee96b12acc76fa498e133fa305f7488b83a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd992aa594775eb211563a71bcf4a41a |
| SHA1 | 1b3c546b166c2691980d0f1d7ccbdd8c784674f7 |
| SHA256 | be693298133ba4e89aab6f06c3a13eaf1c37a07af5031b851a530c92cf8d752c |
| SHA512 | 6db6614650a4a3b02c8f36e1b994ed7e8fca4677daa5d87af870d1040aa24e42de79494a14bb3bb0fa4355ddc891e3482fc2753391967710f6fc3b1bff595cb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cbb1db30876ba21e37eee41f7adb66c0 |
| SHA1 | 4bd9a2e44b2b3bfe36491715ad4ec0dd76682f5e |
| SHA256 | c6e6d920dbf2c3b02bc14e8a97b849232737777502198d565e69f13812d0c9d7 |
| SHA512 | 5bb3f077516ed2703293d1f942ea3753e89f06bf29eea5ef234b9e98ceb6bc550ff8b2239ad584a089766d0f94ba545bbf17c88a6f58162e2723c5dce588a360 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6c1bceb57d72155102cfc68259da458 |
| SHA1 | ae03fcac9ea5da13541df2173d2c449da0c767f1 |
| SHA256 | 8a802fdcc6047db3ca56d269d80aae2ab3df20cefac24d9f479a2f2f98063f1b |
| SHA512 | 8c3c7765318538c1b81c2ba10e4d2424fa8aa6b166d06204e641253107fb65d2f82dbd742173c7b7b1e15d72ad0a565bd9e9c4faced77e0d41a6c2cc607e5f60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d83c107d4691c67bcde56722506d0d3 |
| SHA1 | ceccfb1fadea3966ae6903d7bcb119ccd4564021 |
| SHA256 | 0a384153f9f5a0cec894776ff1bdf028eb613ab1bcdc937e8af5c711baddb279 |
| SHA512 | 1b9f858e639f29522070660ce53581b53a383d28e9c5545a67c2ffd3eef58bbfff421d78bf3dc843747f120b3582ead7a339245ee516dcb2df54fd744caa6520 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 900f33cd76f3dfc12e2e2949b5610380 |
| SHA1 | 3f9f54b92f174542dfadb6e039aaad15410be830 |
| SHA256 | 8239a50aa4ceb68591e923a9058f90b3cc4ce52d326e64ec9269b576e2c6e73c |
| SHA512 | 147efb88a7f63c0aa6e58edaac423486104b35fb8199af76c8c4f298a99923e43455258b7a73fcb950b339ab2fa2b0c5ab515686674dde9e9756ad79bb45e31c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00814ad980f713ffbcab58423b510fa2 |
| SHA1 | 525f8903ff77cdc37997f92572db9a361199080c |
| SHA256 | 5cbc1e0b15f0b24af6f7c1571552b5e0b63f9405a5b74453442dac968fdd45bc |
| SHA512 | 07ac4025f85cf8405927904344588e57885e236e5784f40ec62fc07d45312f614217d04d0728045f53a70e28a76d1a1b30f36b93e7f3e4807dc6a4e6a1fc5367 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1089cdceb950b73bf681cfc122923cd4 |
| SHA1 | 0faf68135cc9c55d6dd8903cb519b5493ae943a7 |
| SHA256 | 6f3bb9ff5a330451ad68812b0e2cd67263d6ead22dcb9e166ee2e6143a874b80 |
| SHA512 | ed3144874600c7faac6388cbe0c27ffcf13d76f8568ac022cc7ff8722dfd44231b090c7399d23d3925a361bbeb07a9e5b5627d0cf920e962f024750425b74fc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 727e7524f4e89ba0c8b88239bef4b162 |
| SHA1 | 85d75575bbe7fab5fc307ece7ea02a16b7812063 |
| SHA256 | 592829c48cc78a45ecc61dcd7234f303d1daef446edff4c84c41b50b960d78f0 |
| SHA512 | 774c700cb515760f9902188aabd9ee85f52857e498698e35315a6374fcbbd256b4109319d1fa75003da1689bdf7a95604f80bd5aca7a0488ad7c6bb37f98f99a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67c1dd397c816ef52a6b5a3fdeb39e4a |
| SHA1 | 75ef75b10e46d254e00f2571ce23c8bc42b57ed0 |
| SHA256 | c0cd9c9a8cf7701c5e34dcc289471daae2ee458524a579a0f8ab040de6407d3d |
| SHA512 | 63a18185dc1f8b6d5320f5bca83a3214d16f17d1a4c2c58bdc7a302e3d4ab11d90f357c59971c9ae8b4bf8ff2ee7a514b2c4e1500e7824ae149f2b1e011d07f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7fef660df20882817820758538f332c |
| SHA1 | 1cf5fc1419af165eb51d7bda18c89b175b388918 |
| SHA256 | 0d81e44e9e628aab3e356e23fc54fa08ab90036ac44f3de0cd03f6c1f4fc0b4c |
| SHA512 | eb74aa07bc4767d2e5d85045e02fffc297763fc11d1804cb46c59ab1cefb5c838ba8bfa38f31e0f905d62ab3410d6d2d9a6871b7d48c6acc9b74334403f6a330 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17189b004b439658e8b226e35f1852e6 |
| SHA1 | 1bc5fad40bd738c235e7d450c7d195fccf35756f |
| SHA256 | d712ab39fa84ca87e2562e85e50e71e49fb5f71f886aaeaca6330907cbec531e |
| SHA512 | 168aff927e44a482a086e17ba0226fa020f7f4eb9f6e7c78e3769e1ebd9a0e6ef802114ae3f7ba04dfb8c8042f9ceffef6d3511ac748a717953dcf6a1b25cf15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d969e1bc3671557a97d10ef9111f2255 |
| SHA1 | 1befd55506d84caf0da00d6fcd1bb392d7b5fe63 |
| SHA256 | 1d71abb095f14cea8c565ed8fff44f51221c464ba75ffbfd2ed3f7ad4211e451 |
| SHA512 | cebc5659754d724a787ded2b0080804e4b0c979f306c4ec6b2f699c1411353600adf33bb0869adafe68c2583ad7a597a01c6cf660819b7b1179624c966adaa55 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1ea0db7a7810d8cb359c7247f88711d |
| SHA1 | 1977e41069bf4d4f700b9305a24c06a97e70a1d0 |
| SHA256 | 940424d9b8f0bb7923f0a71a7328272014bad05ff34977366b22a38cf0313dff |
| SHA512 | d566abf126bbdb25b6c07d48e440d854cddab75cc899ce8cbd9dba37eef473cc6b3ea137e8f82fae8ae71b927620aeb0cc5ecf058c3d7a25f508ea0d8bae3b6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfdbbfd8396293746bfa03a08ea6e310 |
| SHA1 | fff5e05a6082ecc313a9eacdb66128f3237a92fa |
| SHA256 | b30307b64c8a4c50f980fdf699bd2ffb2db1ea0efb1f591b838720e23f10bb7f |
| SHA512 | 28e6e2ae4404248db68193668be7a45a28e0dbd91291d55c2b3b60cd0ae825f722d90565554e08880b851ed6ea7c98dd928bc0f878409c131c93b110d243897c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aada96bda5152e3ae746d33a8b6cb7c8 |
| SHA1 | 798a4c29de8a39cb62d27f166be0c1393e211151 |
| SHA256 | e70a03c8670b6018846912c59ff6472d271b616f82cc77de6554d280ce19bced |
| SHA512 | 1bc06f7d3985e9808d0dd1c28fe17d8ead9acbded60f925306e5f321192698bc00a3995d815ff611385dc2e29e2859cb441792077405c0e53da64888b8f348e7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:06
Reported
2024-06-13 08:08
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48ce2ab7786f7549812cd3396b10db4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba87a46f8,0x7ffba87a4708,0x7ffba87a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2625930788185398393,9046393509797159360,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,2625930788185398393,9046393509797159360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,2625930788185398393,9046393509797159360,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2625930788185398393,9046393509797159360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2625930788185398393,9046393509797159360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2625930788185398393,9046393509797159360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2625930788185398393,9046393509797159360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2625930788185398393,9046393509797159360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2625930788185398393,9046393509797159360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2625930788185398393,9046393509797159360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2625930788185398393,9046393509797159360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2625930788185398393,9046393509797159360,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_3196_JNXSYYVWKTWFHZWC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e1f8e5d858c3ff0dd3c38c8369634747 |
| SHA1 | 576c5da75841814b3607b05eac33dda2a66572e5 |
| SHA256 | eb969f59070b6238629a3ca0c9592e8c2e5325fcd21f7baaf78b601903d001ea |
| SHA512 | 4838beac3276b8c73d6b5eb710ff75df51a792330c2fc15766ff0bb0283fcfb54c06312b1ab8fbad7bcfee25348c47050ffed04cd8c3bc79a0ec75326203e94b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d8bf98f9c47c77d089290a568c2f6e9f |
| SHA1 | 2a6f0d84282cea11a23ae55311e7119ffb4d86cc |
| SHA256 | e6cc584416d4abd634447e4e8c43589fa81f4881be9a6cf5838a7b841ec22131 |
| SHA512 | fccb3c61f05c2e2175cec74bbc7a39bef54da088fd86eb32871d197732ad9ef5a08bcd031577237306cf929032d33eafaba774fb5fcaf291373ab7b8207369db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 812c897417c17a1d13f532b2cab2af7e |
| SHA1 | 98319b4f5d3a5fb6983258d64dbf484cd7930284 |
| SHA256 | ca49ebbad1b4e03884237ecec23d1f570a8747b232043419a2c5eafc5454e512 |
| SHA512 | 75bd559aa0dc8eaf375620557dbb5052b0ab335ec8e83440e0cfc6045025cde2f5005cd2d9bb50dcabd2d6ac821c2eb3fe29f1a33ad266284f75d32b2b5849b1 |