Analysis Overview
| SHA256 | 8963dfdec39be09a25697e79b7fc48d364db15cbf40891f3aa50a8c64fe1fca2 |
Threat Level: No (potentially) malicious behavior was detected
The file a49d8cd2aa6674fe118b084f8c0d96bd_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-06-13 08:24 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-06-13 08:24 |
| Reported | 2024-06-13 08:27 |
| Platform | win7-20240611-en |
| Max time kernel | 138s |
| Max time network | 140s |
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000012149c08bad0558381d4798b9c33088863fe8f5c6a92d4b1c80ca4e74099b147000000000e80000000020000200000004056b94262ccc9c7ff3b10730861538fcd992583d57262415af84728238b9dbf200000006c745755a0977d46a76fdd67234f63f430ed94de8dd69c36a04b7308046812a84000000048cf7f15f708077f811f96fea3bbef3f0866334efd9c82c177d8f7af9db4120dd5488b847e6026f716aaa3fecfd2684987d98484e4fcdc4c8b76343425a21504 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424428937" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5A777EA1-295E-11EF-B0BD-CE03E2754020} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10c7802f6bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2120 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2120 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2120 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2120 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49d8cd2aa6674fe118b084f8c0d96bd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dokumonster.de | udp |
| DE | 85.13.155.6:80 | dokumonster.de | tcp |
| DE | 85.13.155.6:80 | dokumonster.de | tcp |
| DE | 85.13.155.6:80 | dokumonster.de | tcp |
| DE | 85.13.155.6:80 | dokumonster.de | tcp |
| US | 8.8.8.8:53 | rcm-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | rcm-eu.amazon-adsystem.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7b61161ec54655235b0760cd781d879 |
| SHA1 | bbd76634479f2e6404337fe06e31f8f94024c1fb |
| SHA256 | bbe3e3fd72d6d04a0d52cfb663198edc7177785a2db7833e14d9a0cffb415cb8 |
| SHA512 | a13e7df5256de2a7f6c601b479e6e740df665e1757619e50e237eba330e81f7c3acb25ed77d5ec71ba266f7dc9e3c34930bc094f8cf1300182872f3951e8e8f7 |
C:\Users\Admin\AppData\Local\Temp\Cab32B5.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14882210e9adad06c8c9e5515cf26b8d |
| SHA1 | 0ba9e0f0e09503e813c7c2993ad03ff1482550a0 |
| SHA256 | f54d9bbdf7d70dbe31f6aec343b00a38b6199c8e07de02041694c810dcfb6c7c |
| SHA512 | 8d8def4319aa8b449e665944f8b3c1073426c9067d9d5b90299cb43cbbf5a123d882b59e0cd1eaa1247c0fcb4ee3b7e726802eaf6a6ca53a7cf39dcbed79c15d |
C:\Users\Admin\AppData\Local\Temp\Tar3368.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67c5353d89f40a958f793c51c274844d |
| SHA1 | c6629364cb37fe0b643b1fca02432d60405fce66 |
| SHA256 | e51c52cb3e6bce0e6a628b9b35d6552d0c0072ce951565f147d22105812396d1 |
| SHA512 | 8aaf0fa6664180fc8f1a559d3ba1206467028bd1be08874c69aaa0ad8cd2a70bd65e0dc052a314197e5a5ae781c953182a218ecdce89acbddbeb0613b4a8bf0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aebb263c8352c856bd8fb7fa51e0e5e0 |
| SHA1 | 5f2949bcfeb3f0547e53df79b38a00eba1014132 |
| SHA256 | f890fab30752bd7049da41914c3bd35e661a52ef7fd1bee6e325ae1f7a85207c |
| SHA512 | c2451c5408f53b615c74cf9137bdef82ea4abc2a59fb27ba9e327197eed20cd6d60ce106df00a1d4719c18089ed075fef9636570ed83ac1fa1f3456f0a0b5e19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ccf7942a4b1b5f0199e4de507c380f25 |
| SHA1 | adc8050e063a53e195fa281339688abf8aec8179 |
| SHA256 | 5b02c62b02f507b28d60bb0349cf7e8f7a8a7f611bef18dc908f152db7cdd114 |
| SHA512 | 39856221a40994a78dcce428867a7cef54993caa2f265802ac3e9f064c3a0652b38e5d050c2a279c37659e358893bf21f490578f233600237043986c5bc9f74a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b156687f75b6ba1d4968f66df570309 |
| SHA1 | fa60957479d2c8722755d55656fbb3dd3bd0068e |
| SHA256 | 37ae8369d3d2f3f6c6a31a9fdd5cf6d6996b4ba6ef31806e40956299203ddaa7 |
| SHA512 | 8e07f6d511a5a5dff14ca67181bf2b91b2282153b11b05c4599cadaffe199cc0ace188a0dc715485c60ba8a44cf14b814071206f4cff0f79c0bc83a9a98c2136 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ca5ea9a0b81d333e8ed7d3a1e07b4b7 |
| SHA1 | 966ae1aab9f0182006b152df4816f714e1633183 |
| SHA256 | 3baf6e76209a817df3559d619aa07ee54a1c6df6000c186b282f191193ec65de |
| SHA512 | 7abbfc804840df163c1a922313d203159e32ac124fcce4ffa926f602a8023dc7edf984f68326966a0aa3b6f46e399fa9e0726d3e16a359de8cae04731012928c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35b8c9e27c81d96bf6549a2bf31634ed |
| SHA1 | afcdff67fc2fbce8dcd29f26654f6cefca517bfe |
| SHA256 | 99504d5e8b6f01e6c9fa15df1cf734f9e6ae793b85c97a9caa638532feafab28 |
| SHA512 | 65a56fe6789882309a1d90b44ac1142850ea6648afb78eb2f8d0373cde43c256f09c9f82fb56eb8285ab32184f37760d04f09e283e9e99e89bc0ac62a0970c27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac5a12326be0e24b7328e757b1b97291 |
| SHA1 | 3b0b195a79c562578a31c5f89acb201eee80fe77 |
| SHA256 | 5e07bc65cdcbe55245577ba6889f4120e7ba2b2eed05c9eb9f93a39b26f04ddb |
| SHA512 | 3c9903c7db7b20bab08889c148282a8f59effc549269c1d63f642ebb690c3f479ce3f59b45359d5cb0f2f79c548dca15d2cd8c233585faa3d875c640099091b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f3089e93b4a1746a0d85df5d9430f8e |
| SHA1 | f636bdb26f827cf24e8f5a3f59bcd21fc24b0607 |
| SHA256 | ce93c6386fee2cddf929333cdb3ff87affc049c8d3c35028c274dd4d86c73963 |
| SHA512 | da1c388b79f506ca9687adbf4446307fbdf894214cd0aaab9c920162648b412fc29aea32d3d6b4f4e7c45be01793b6a28325fd505fc35a5d44055c1691fb34fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5dde5191a41f4a7336844d13bf3ccb52 |
| SHA1 | 8e01049391f9d77abcd30b79b836d0095c5ccee9 |
| SHA256 | 14a960586f4f7015fbe9bb2bcc07d6e823d1c6379f35f55d905452400f4d12c1 |
| SHA512 | c07692abd1abb00a9b21136dd141a6b30f289a46edbfca49c0f9b7eee3e2985f2796295205b0439d8280f5144e06234bc0786121cd455d195ef6182a44a4be54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b14b70184a814e977ec2975ac26b5c4 |
| SHA1 | 8ac008437b8e8f0852b2f3bd121261e2ef456dd3 |
| SHA256 | 9bab9ea020bb6e2d31c942c92780e5f62b548e3749045c9e09c0b09c3e227cd5 |
| SHA512 | e95b54722e323f2a28f68b54c78e4355144a74cd71f588f9500b55b4dc54867591945143d966184ee040409cad8ba25e7ee7f80ea59482f2baf8d8153bf5af6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3cb6f8cd7095ba41f8d050f006ee1eb |
| SHA1 | 989e61966c2a902ee937eb5d75aceb9d8feb0991 |
| SHA256 | 6aa88930729234a63264ccf2dfc517fbf212a8e025eea85fd89bf48a5e19caf9 |
| SHA512 | d61b8053a83aea8ba19705552acd402898de92fe2730694d656fe82ec29f991efd110ca53c7b1b5b33d5b771e57f24b0aa90c45d554735fd90582bdec960a78c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3474445f36f385ae44aee7fe6bf5098 |
| SHA1 | 3346398815fe5d0670d49ea7290849b1895f3e4e |
| SHA256 | 86afdf996936923b4df8bd2e3b6c5ebbd951cc43adf1e52845ef4b7ae9aa2970 |
| SHA512 | b0fb985168da7e0376874aa7dec0203d69d8ab08a02832b8b58942236f4998ed04314db1cd7a9b974c1cd23258982c4f5fab07b95f3dcb4a728c443ede079c34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aeaa36632b7a42b6ca757c68bf5bb2cf |
| SHA1 | ee6167aebd8beb520561cf9bfc4d862140a5f960 |
| SHA256 | c5185a46c93c12429968ae18d955d4c94835c1fa4ff811f06a9848bf3e16fff0 |
| SHA512 | e6fcec1c636c8483d9d23e79f3a3a43767441d7e28a599cf9bac136ce441877df25189a91ce2c99f9e40a993262752c5d5f37e9dfb59e3f7a95108c13129854a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e2c90fcf2868b7f136db6e5002290ed |
| SHA1 | 164a34b21cdf32824d9cdabf2726010865e5448a |
| SHA256 | 631d0980d666e29a86d12d6f97a4a33184bbcf7e448e54711b47559f588b38e7 |
| SHA512 | b8ed541df64a43bbd6e39eaa64ba607ae5b333c0349c67e7b46409a0ffd3ce697d63586bdd1e9e00b268a29500aa825b4993a7f037b1fb21741294b510cd44b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0366df1c1b4f989562b60ca29f47cdb2 |
| SHA1 | 6b1237af71d37ff02269be8dffe2c44646fd8ba6 |
| SHA256 | 028dcc577268a5b9b918379b85f798c37141c54b8add06de633b1a6f48f80a83 |
| SHA512 | 701c5b009b37470aeb89140ceb5061f75896005ec19e0800eccb37f7220954bad1ed09ac59d744606576432072250aae92e346228e63516611011e9d2a8df84b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7144eddd4213cdc20629dde0d603529d |
| SHA1 | 18d2ee0afc5c1ef0793e3414a95d9e4aceb00b8f |
| SHA256 | 561010ebeb39ad9d9b6d135475c0e174b602c697a122688236d8f0871c133951 |
| SHA512 | 0bd692103098eed79efe1c46ed5ef2189e51f72d7b025289f8583acf35f5d2c15008ef0997f1ea0c53a27d3eeaec75c03b2f96918926f1661b6360ab9aeaa4c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 218c8ecc5ba75546949d780497dbc2ca |
| SHA1 | 6aabac48fba2767543ed1207d34cb68cd9bdaf36 |
| SHA256 | 708f447056656b6d685f6dc560d574a8393caf58eb524a8fb306869b491025e6 |
| SHA512 | 6b03fad9c7a1ab03f95b36601a23197e62cbb5b5b6df599da99296626c2b9d986568ffa8c2ab6a0f47c9f69ae2e730eb82cb3dfc594d6b513627a4c0b061dd91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1ffac6f2c76e5ddf57c2ab63245c89e |
| SHA1 | af1b6dc4fe3096f72073dcae93155f11d374f5aa |
| SHA256 | 4489897281e702c75901ec50523bf43ec68ee3cb45057a8e0fbefa0fe0fb706e |
| SHA512 | ff7985a92b882e6ee3b9df6cd0725930f0487951d7a2443463716f87849cbafd4c5ff74e382aded3e427f8c6bca4a7652b00b11d1b4a48593785463449666e95 |
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-06-13 08:24 |
| Reported | 2024-06-13 08:27 |
| Platform | win10v2004-20240611-en |
| Max time kernel | 145s |
| Max time network | 140s |
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a49d8cd2aa6674fe118b084f8c0d96bd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb7be46f8,0x7fffb7be4708,0x7fffb7be4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,5661001778180952865,2799739508802597779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,5661001778180952865,2799739508802597779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,5661001778180952865,2799739508802597779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,5661001778180952865,2799739508802597779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,5661001778180952865,2799739508802597779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,5661001778180952865,2799739508802597779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,5661001778180952865,2799739508802597779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,5661001778180952865,2799739508802597779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,5661001778180952865,2799739508802597779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,5661001778180952865,2799739508802597779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,5661001778180952865,2799739508802597779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,5661001778180952865,2799739508802597779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,5661001778180952865,2799739508802597779,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5076 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | rcm-eu.amazon-adsystem.com | udp |
| GB | 172.217.16.226:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | dokumonster.de | udp |
| DE | 85.13.155.6:80 | dokumonster.de | tcp |
| DE | 85.13.155.6:80 | dokumonster.de | tcp |
| DE | 85.13.155.6:80 | dokumonster.de | tcp |
| DE | 85.13.155.6:80 | dokumonster.de | tcp |
| DE | 85.13.155.6:80 | dokumonster.de | tcp |
| DE | 85.13.155.6:80 | dokumonster.de | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.155.13.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| GB | 142.250.180.2:139 | pagead2.googlesyndication.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | dokumonster.de | udp |
| DE | 85.13.155.6:445 | dokumonster.de | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| DE | 85.13.155.6:80 | dokumonster.de | tcp |
| DE | 85.13.155.6:80 | dokumonster.de | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_5024_HBWRDWDIPHUVOTQI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b50e3940b51970ec7192b1848e13f18b |
| SHA1 | 2af4e5b90a2a77243e5573084151b2edf5b43d6f |
| SHA256 | 23e72fa740fde1125325ade8e5db4444503694f733347a54fbbe8d2f049e9cc9 |
| SHA512 | 1a54cdf74e8dc2e76abfb96dde6d6dbae37fd8f472c3cdf9901bb6148db56d1f5e11ea01330eb5d86cb128f10b613a3fd2cf0a1ce05f3c3cd8043aec1b8bb023 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e3942e0c9a0a925a5b908d0f61e83a00 |
| SHA1 | 2783ff184450a27328f5ae128cc7557c9383f7a7 |
| SHA256 | d48efd8d65dd5d287b925d9fed3a0e518258573ec6eb83906674d7d5c22abb8e |
| SHA512 | bab0ab8e32e4497e256a50d026f18f26d0638132b5cfc053badd0ef8b3903086c9b039879047384cde6a248b9f19bf7926472838ccfdbd4ae6252610219c6626 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a5c00e2eef0728448acfadd2f8604c15 |
| SHA1 | 5b352967ddc5d3cf565509b07e6bedfb42b7ac15 |
| SHA256 | 47c36c8e4037b43c431d6a10b2e95390a54b67aff29066bdfbe87e29c1c32cb1 |
| SHA512 | 7772821447c98bafed4a64ac2db346e3f8d9b19cef3c2dfd6793b797ff5fb999066a4e50501bb0f64cdca7d448257f8c513aec0120f12f08b32024fc09dc0e2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a27e406961b00a2d6d576ad9cd5696ac |
| SHA1 | 2402507051e871d3bf46a297ceb743d63184e3c8 |
| SHA256 | 9b701d4633e90ae9d84d6d716e5d9d6716765794c443885d096eb811c0d7f59e |
| SHA512 | 9d1500d9f042c873e5ed96c14a42ffa27a45496eba0d513bcadfb5a5dcd878397656fb4f429b92c03c2e7c8f07acec3de8eb35a1fd733f67210b661bd5052bd5 |