Analysis Overview
SHA256
6b0c21ec9edb714671bc2c9e00bd101d2794aa004646546fda31a0480297bb2b
Threat Level: No (potentially) malicious behavior was detected
The file a49d564cd2e36c7ca1c887f813702335_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:24
Reported
2024-06-13 08:27
Platform
win7-20240611-en
Max time kernel
138s
Max time network
138s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000019f419261bd4e27098c20d9f39ff226a5fe64d2c02b781ff962ea6b53719064a000000000e8000000002000020000000edc5b3fc9738172a4c79f7b23f6fee86dd1476b200d938c040980d8e22063cad200000002032f8f3b2e8ac9f66e690757680dbdfda7a9c28080e08ef7fabb023cf81a77740000000f15f00b4bb34dc39ed16d0e8533a13777630349794ccc4d8a623037a2da51637ccacb0de787f7b7ef8a6253c1a43c3785b6952bbdb1e83718d7a95410c358805 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5A5AD6B1-295E-11EF-968C-FEBBC6272832} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00ec176f6bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424428939" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000ee12ae7525d50f1cb8b92686566ffba4e896b952da941a79825536588f3e96da000000000e80000000020000200000009944ce5aa58834d437da24e10a65dbdadf4804ac35612be5a704d1fae43eb9a390000000d08bf5dda43ec0fd4aec730197aefe2652a8029dd61fecb49ec4cca5eb2811d90ccb0e0ad729e647d591157ea0f6688202037f74e88703d7439804c5177f54212b6a7b0c8c52182defdeaa00a3777907d2529e390d690e238a0f157d123389313d32c6d997b28c4796f22412c1047df98936c4b5db49b4a4151815f6e0c079dcfe62d787963a98da8c6d7b815856267c40000000c1bba0b5ed5cae891da3b2282e6ed583b403ec7c4f0b716fbdc0cd7324d664816cc8592819a828ab8ea200619459895c26e52f1c58e68abea25a8ae27156736d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1704 wrote to memory of 2904 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 2904 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 2904 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 2904 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49d564cd2e36c7ca1c887f813702335_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | lead.soperson.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| GB | 79.133.176.223:80 | lead.soperson.com | tcp |
| GB | 79.133.176.223:80 | lead.soperson.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab63A5.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar6444.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c2e49c9cbd20e2f8d085e6a6ea80a4a |
| SHA1 | dfab61df9c69948f91b947a28ed38a11c80e88e0 |
| SHA256 | 7a813537b576cecaf0234ca2ee0d66e6402de06b26ae1434abb40c344850f552 |
| SHA512 | 89996f6ef870396b16f673e3df7859233b0c7fa9a32f717bb682688b3caa7157ceac6eb8428e58c7ab5c8ab7e4158f85bfa1bdcf348ff70abdd5378a2b367301 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 062f91d6e368762c9e481fb10bc14828 |
| SHA1 | 2aab0a9871dfa6f7627cfa359528c212839a2a2b |
| SHA256 | 3346e58c515732c77c8296cbc0047c066dde5228f8f4e53b9d12d175613b7c73 |
| SHA512 | 3be443a68dfb8105386f11ffd9588f767428773f171b4e56346a14719797073c8dd919e05679b31f6cb4960ee4a660cbb65df859d608adc665727888e76cfc0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a11541a91c35a35515aa3e06c77d1924 |
| SHA1 | 92a39e9c17e3953b88bae2a2e07156e2ad0c21c8 |
| SHA256 | 8ac8d6e2fd457a14def4b566d4b0786ba6eaf5df75afbef9bfc24914c89d855d |
| SHA512 | 15318a6e534b6873480dffb16d7a4a42e7f02e1acf653abd3fc7fd76e698c4fd8c3de062b70883197a443cc2bc6a3de474fd1d2dfa263b46013318f055b636d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd6be79bdff31ede983c26aa6b6b96a4 |
| SHA1 | 951b4c1b8c7c17fc259dd42c25fb781df9a2e80d |
| SHA256 | baeaf1170208e25814e2bb83ed22710393faec62b7dda9da9a1aa59415954e54 |
| SHA512 | 7be67c44acaef22d69315fecddc054633dcfc50cfbb28a33521ff64e5bc21fee1c471498ec5437e094fc50e2a91b209d485fc94fe748544f2b25eb73d67ae047 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5fb7a1e0345859704f08fabd630f90a |
| SHA1 | b27ec5e8766a80a052c480f32e072c6cf4579a0c |
| SHA256 | 0fb005bf2dc412652655778ad58b67eb7efa40432bda244dd63ac0351f2a506b |
| SHA512 | f0e818a56c945b4f0c54d2c4b08e9327fa2e219281b3167c189167108969beb8f9f9973d538bbda38d2fbc06ee2248017d3ff938ede2404b4bc38216cf247253 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c562bd2fbd576d086750e87348040384 |
| SHA1 | 0ae4b0ac31ebbdc6d8d78078ae85fdae96165f42 |
| SHA256 | 37c23274f312f1664e285ee472929ac29895fba66014e0aed94a376c544b098d |
| SHA512 | d5b7d3301665e81e2a58c470def4011065ca6cba96bedc231568a297053e8557d8f563a6888a57e227ed7f5538c4e971cf5fb42050a3c3c4662c85eb40e40727 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 862bb57c18d91a9dce747766beda7688 |
| SHA1 | 3b4bb4c63026977efc0a816810f80bb2b494b632 |
| SHA256 | 0c4dd5072866a34b50b862f2536dc07abc5dd2eb7c38214ecac9d50682037ab1 |
| SHA512 | c6bc04db81dd8a8a151242c94aeab94682c3c02b2c6a4caca771b05a2a8f51d9cc92da4da7fad74850b5444b7a362a55217f8dc5a1d9cffcae41854d855ec137 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 475eb3df81e7016aafb9fed936898861 |
| SHA1 | 52274519e32befc8aa9c6941e2ee1f445f1be94c |
| SHA256 | 8fed2947db5ac718f0479193716603aadf057dbbaf3302855b9568bb4654eb2c |
| SHA512 | 8ebb687d55218d11cb95df87fb113d6dd07aa65ec467151d92b280754ea9d485c75b16c950d777376d3287ec7761704f577b6ad1df708221f1b57b2ab7517455 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65259cbbb454158afda5a53e4ad8c15a |
| SHA1 | 841005856b491afb23836310fa004390f51a6ef6 |
| SHA256 | 7c8ed360fdb48a0880f09f0a9d027b1496449d30767788dadd1a5f6c1c6550de |
| SHA512 | e134a9934321492024377eb9ccfd2c65a6d8f58c691c5038f0f69b9928739c833e48e6849169951c8529ed4c437121141d7cc36a33d0537a95b3f3d79ec494e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47fa57a01f359cd341672cb2c72a6593 |
| SHA1 | 01af11371925e5248a0f00ecf476a2d637f051f1 |
| SHA256 | 188c72aea5094aaf6cd5a71330be72e71d4ef4a1c95ebe24ae12b337c1338220 |
| SHA512 | 7cef11952f7538da1bf7cb3c19e7f0d75d8e371a82754a1d1a04cc552406fcba73ca4f83c7fb6996948ab280db3afcc52368b55cb5b88696e9c1b094de09827e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 180f4d7ae2669bec67cec69e803b1efd |
| SHA1 | e8367d0b42662ad5b91da89984302d9aaa8fa764 |
| SHA256 | 7b2a08be86ead5273f38d62bbe3949e52c15dc32c40b5564e85c7ec1d2d09e41 |
| SHA512 | 0a70d3f63ce58ffe039f40a052f16c2bac2844a86683f43f41af7b11a6736f13fa13f9812b7d5d4cf02bd21006c77ff63621df43b228656f1c19e0189535eb23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2d9714b632c4b7f5e48cb9840ae828f |
| SHA1 | f45a131cb96b2e0764c674231bf37525de96c2c9 |
| SHA256 | 381bebf856efd3792905f87f0ff534dc3d63441b8a66e7496d54905e9fc340b7 |
| SHA512 | 0be0464ba53e36fde754468c6cb9c37447d14d092ee0d27496b90ec910712b071c5a032243444ab08363e3fea58c58e6be4d30e784e34a317d7f339043e15b0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f37573a78ab6efcf998f7e89718abf5b |
| SHA1 | fc6efe067b21a5a5a42f25496ae1bcaf1e830e6f |
| SHA256 | cfce8b42db9744225a198edaa5b57b753b5c0192c4bbd1835989e83c9b6a3333 |
| SHA512 | faa01a98643046385cbda1018ff8da54d35e7cfacf70d03ccc8c3219fb85a5b19493d91a75b5b98a74b42491ac32f305fab9498d9f6ecceb304ebce8c6715434 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e44bb60da8a11ae296dc5d3de8df5a2 |
| SHA1 | 9a391f0a67ed10e3f88691be7942a27659cebfb9 |
| SHA256 | 33374b0acf6ddafbc5cbb7b5bc6db3a232b3596d9612eb1166bfc0b33a29460c |
| SHA512 | 28234b7c03d4c5e9f4d4465153b569a0bfbf2cd5b5eff68aa3454d4084c58a1d9652b6440b8b6f467e1a38b1bfbe534d7e302cf5d7c8c8097dd3150067952dfe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5bf47b630469822e0236b4874c641bfc |
| SHA1 | 1e8b9c2cb3fe512567053c859f3a5428d3b8b6af |
| SHA256 | fe4e2c59fecb78da758aad473a8849160ff32a0c0bdfd173ef8a4e32793bb7e9 |
| SHA512 | 2d26e8d8185829153b4053b841ab4ee183127f9edc98128096f4830c4ee0ddbfbf8e154721deb69105f312b678e1adc126279b5438db5756b5f33ce7838fc751 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0a6cc43cdba340f1fa47d9ddf81c839 |
| SHA1 | a65e01278a5cd8a13ac320e1324235e0b9dad2fc |
| SHA256 | 7f90b95fb5d7e78bc93d0a6f5cc03aa96a270aa920bf9c0266794fcf39cfdad0 |
| SHA512 | 6e70b0fb41e8c43562d8ddd618e7cf46dbf7ad32b25efaf6f590d06cfbcd5436efe4692d34dcf79290c58cd1056d90d14bee58df0876e9a811521d01499a1acb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b10f8ebb0fe87c0b966e2de8cda349d |
| SHA1 | 5fc8ac37fa762e098d0ffc9529cdf91d61458be0 |
| SHA256 | 5bef88e59e22e13b37438ac249a326f7d49d0d31f61fa53932952b77a1968f70 |
| SHA512 | f54c1e974cf2763510ff4abcb238fece98a27b8aa643fe158911bb578dfd1164077209eefaf39382d4b3a769700651cb523be71771273fad5a6d8a071f5504aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cae66233e7563eef4e65a7f0ead233c |
| SHA1 | 0cd76ff1468b97e72dd026047cbebf6b21ec1012 |
| SHA256 | cf9c45312eaebfad44bbd8e476ae572fa464df5c1db052f695094069b20a58e5 |
| SHA512 | c5a13a87d804673aef73ee7b5ff856ccdae17bafb5257c94b916b2500db2acad5d86f0dc2228ea3d64ead00c734456f23a87d7698624c5a1707e295fb3638d66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d37da85005acf1e4f5d05fb4c83445d |
| SHA1 | 274dff22e286538e3cec2d24a822f8bedcf011cc |
| SHA256 | 89593804dc7ce9ecd0a80fd5d3bc165268a69235802b90dc5b7c8f2ea9025e06 |
| SHA512 | 8bacc54aa0b8a97d2a9adbadef9d1c25b51a3766a3bcc50ae1318bf9b7ff088a7c6d0ca9e2309a18881d50d47d75343cbb88dad0129e99c16fbd7f3f2beedc87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 612850a7d5aa241f76ba5bd639d31ab9 |
| SHA1 | 51de94a6adbe817b3c1fc5c78ade4f563893f76d |
| SHA256 | 27e69a0b16e040558001675b4d98ac84dfe67018f66960e14a94f93b0f8d17fa |
| SHA512 | 6d5d0ce0a2a8f78a8e7a90ec69dfb44cfe162e92872509d3bcdfd5c38ae560d42f459e407aa0d4f0efd9be8d16b5dcc9b4b8a3fb6384b5f187a8887accc55f1c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:24
Reported
2024-06-13 08:26
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a49d564cd2e36c7ca1c887f813702335_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc19cc46f8,0x7ffc19cc4708,0x7ffc19cc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,161869608679680335,5771348645445682001,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,161869608679680335,5771348645445682001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,161869608679680335,5771348645445682001,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,161869608679680335,5771348645445682001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,161869608679680335,5771348645445682001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,161869608679680335,5771348645445682001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,161869608679680335,5771348645445682001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,161869608679680335,5771348645445682001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,161869608679680335,5771348645445682001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,161869608679680335,5771348645445682001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,161869608679680335,5771348645445682001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,161869608679680335,5771348645445682001,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4428 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lead.soperson.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_2984_EUGUUCPLSHEPYSOL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9285e52fdaf1e6f301d94537f509a68f |
| SHA1 | f026b26ed45cd18c543b0e39414b20c822938ba4 |
| SHA256 | d037af6565d1b4277231f978277fe9edfe2973729b356533ec8227962b050561 |
| SHA512 | 745d59d58d80b2d77c8c86dc58fe2f2a5a2f3db551be2f20045e2f671a1f3e920ec0b15c593adec954f125c0ff28858e1efb8baae2c3ec504f5a927c39c1669e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7980d648e60ff454b2f9ae5931f7ec9b |
| SHA1 | d861be36bc42f62b9e9c6818fc1de7b014d73dd6 |
| SHA256 | 707a4c5010a1f79b34453f7147ce038ea669ec417016bc503b71328c56837b2c |
| SHA512 | a88294c7a57a3baa45483462851cca3b1c25441826a3eb7b64aacfb13e73bf35b0e40ca3632f3f425804cdaeef5dbb8cde0865908a5074a05c8d5b6601530755 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b6cac410187d3cd0fec0d7d90c4dbe16 |
| SHA1 | 10cf31c24c468a1a1eb112520879ce84edbc64dc |
| SHA256 | b9c0dd0780f671bdee8ba994a7cd393273e743a1fdd55261976ba38f91e1f99d |
| SHA512 | 23c44ff39b9e0c54378576a21fe92d8e667be8f08df054f7d993d1255e2ae5f93d5e9f08565a3ab078263ce1e136fec3fad35e461c7078c2b8b6bb2df03a25fd |