Analysis Overview
SHA256
2c0576d7886d129f3937da142514662e7121c8364b4caa4bebcd9006e76846f8
Threat Level: No (potentially) malicious behavior was detected
The file a49fed51633bc873c397133e86dc800d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:26
Reported
2024-06-13 08:29
Platform
win7-20240611-en
Max time kernel
144s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A4FA6A51-295E-11EF-9028-46C1B5BE3FA8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000993844970a13c3737b0ee978f7db09fc4c3c8e907e5ed21276136c63439c24aa000000000e80000000020000200000009eab3700cb5cfe2d0570f2237fde4460f016f263243c6cda87d2520f46839a1b90000000fb5cd01b0907b7dd30833aa4bbfa396fc5bef345d87968a04d9b83dcaf8d056d3f34c9925c6e91c7cfd47377ad05ae0fd64d4160d85a7fd6eec530ff187e29eb645a15e554d5cbe1719d4a7a98c3ac454554879167eb5d27dd27dcfd0c6530d88227a2d0ce848457ebfea27fad3650c084853a059b9e6f3f856e250c601c321a3d6da7b04f012dac9d87f031914afaf0400000002fd3ac734522148bbaceec66f0a3f6b67d21fb4b953ac75460421a5a1d3920ce8fe882d6306a187aa82d4439f79b89137648e3219483f777adeff68664e38d6a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2016597a6bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000e592b1b917c3602d0d91e93a111e261d4c466b6b9ac63afcf22bfb412a8bf897000000000e8000000002000020000000949693b55e7168bfb9eb423810257c3c1f3ae8d5c62260dd235bf312ae17153120000000f6b07c3395e97e8e190242200ab3f09ec34df640bcc1f5e819500914d461e40340000000d0f3d56565be6e3d359090b4ed203487fa4e5b6f12d325a7b1408ff9f490051ca4452f8e6425a39cc15e3b37a95366695905fb083baf79d48de56bacdf556e0d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429062" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1936 wrote to memory of 2004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49fed51633bc873c397133e86dc800d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.satiricon.be | udp |
| FR | 213.186.33.19:443 | www.satiricon.be | tcp |
| FR | 213.186.33.19:80 | www.satiricon.be | tcp |
| FR | 213.186.33.19:80 | www.satiricon.be | tcp |
| FR | 213.186.33.19:80 | www.satiricon.be | tcp |
| FR | 213.186.33.19:443 | www.satiricon.be | tcp |
| FR | 213.186.33.19:80 | www.satiricon.be | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| FR | 213.186.33.19:443 | www.satiricon.be | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | dgdsgweewtew545435.tk | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1631.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar16C1.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da83af8589b79b1c28cda105155f7491 |
| SHA1 | 07673e58081cafb1d0221f2451acfc36f2a7e44b |
| SHA256 | ab41992855265fb9fe88bdc3b23aacd0642144dcbe1c411d07b1d64cb43a01f6 |
| SHA512 | d7e0cd859844024445670e59df5ec633f94c09e369ba55a04dbf556aab6db48222421dc29801a32d0b5d4d4a7eb5fb8533098209e7b1ed4c44556b7ff8fc00c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fed27092866b3eb65725b3ca753ec14 |
| SHA1 | 2d0d271fd66e6fb6bb3bb139e3c4e027642ba05e |
| SHA256 | 4484a9c93b3d658109a65abdb894395a5e476f5eddb0818a5450641b0ea63f3a |
| SHA512 | 45e8feaaecf90b4aebda4641a248a1ee97056e121a39a40c7e6a9d60f9729f27f95c171baf8b7234a0fce7e25e33de07024e2af1192b16c08a9f8f61380e496a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd3606242824456bf37e599e6b51eb11 |
| SHA1 | 69621c8aeba2d617a3b133196ca37fc3b7b37eb7 |
| SHA256 | 47d631675f4c79368ccc90ff3310356dda0af1aafe417fba7557b4b39917788e |
| SHA512 | 5eca75b589e9c9cae2ff016dd6d1ebc45e0723f109946bd98641fb0e569aba4469dcb4036a9164519f4db5e6daf667cf8c2386cf6c0b4150ff0c649e87ef474b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64a0618ac21c39bfead135eab8b55190 |
| SHA1 | cf3a2c202476700688a0072c7d1a164c0007e6d5 |
| SHA256 | 14e0e5ed32c9a31a89793c31074e52a05b10e6458f1b38cd80426e13b2ff3fd9 |
| SHA512 | 8193c53dce97f02b8a9c2e338b59ac08d6248360a57fcfbcb21b5045ea096d9ce67629ab29f950d9d18204b12ee53fd9312c4ed0a1affb9794759b4f9d7a63cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc44a43db27b589f3e214dfd6b750eb0 |
| SHA1 | dc2609c9e83a5e480d7a2f93f41bfdd27055e663 |
| SHA256 | ab0f08a89b682e0d3698a9fdda0284d19287f7f7cbd57ab65ee5c860c04df513 |
| SHA512 | 9a4b5238b22af1bbbf361439710e96b65faf3959d2272e040d048e545d132a3a497592cd3faa10f006a137be3ec0d88c098c5ca6f0335e7ed82e5f34bafeb55b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8c3df9a44a80be2db644f7f19a0127f |
| SHA1 | 7ffbd14ea799f9cd53767c76b167c52f7b0de598 |
| SHA256 | 002e8df80bf7426934e35a4309467a7f97c79644ed60e6db60031d1e48493120 |
| SHA512 | 99b60ef76536bf5ccbe7555da14af01d3203985cc9ab460283a261e00cc9e9071bee594f0d109be9925db4a9011684ccb7b84730e3ae0ca9a8e93c245ebe6174 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee7d5b7d22def23d78fbac95834dada4 |
| SHA1 | 0aa757647cc713db3906f7918995489511df8d7e |
| SHA256 | 59d382361e52617e43aa26c3ed015638b6f24a6c19b6c785a8240ea18632640e |
| SHA512 | 45d2e030844bac3873228b5e04e8723aa14e11a783bd8f2e2eef5c721a47fae432eb4a58e84db061ebf0f8ee7b8d5072f38c0c07d72b525ad19ef376fb2bc35f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5060a5b6f10bd0c7c3e9052e2d65ba7 |
| SHA1 | 59da34c21e277c026526dc2d1830c95ba24ed084 |
| SHA256 | 98c67dba88fbd660d75e897f0fb92c5b3cfaa834cda7870b9b59df4b8ab7491f |
| SHA512 | d5d32f2677a31da5e8b341c128e53edb984a2cf9996c2f5646520c6aea2b4e1e4450f0bfb64c763e9cc79596156f4934fc37248615d24197d71a6d0e69941cab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54524a0cf7e2b2f18ecf23fc413e6d9a |
| SHA1 | b3c6b59266684f4e4f6fffddbbf7dd0ef412293e |
| SHA256 | 0f865b956a185c242441efbbff748030d6487a5660fa8b68df037c4e5abd9985 |
| SHA512 | b6b7a2f7c5c3a1fd2866e07e1d309e93e75fe610b7ed0fe8434155eed5f781f9d710a3cf957df17b01e338434d508ac28bf4bcfa5004854edd8df57bee5b6862 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 113f4470470a244db56f595d4c035ac2 |
| SHA1 | 8e920e516944e7d78089e4b4e83e9945b385885b |
| SHA256 | 8403f65f68b7e36ddaca6429fd56aefc5578ade34048558f025be76ee60f1705 |
| SHA512 | bb620a22813e8099e5061062e414b7ff2ecaea0879ec66b07dec8803de6808562a7c80fd38d22bf325d20b0ddc8c4bf94cfe2f87378659358a10cfee02138982 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 177dc4c863e84f98c5d19df78dd87f36 |
| SHA1 | fb77d2a8a36a15624251a4a6434bc2ba18036c88 |
| SHA256 | f8547dd07680a82be2889231e64429cc40a24db1a446b32b2354e60e4887bb7e |
| SHA512 | 1ece9d920bfa66523277a54c8d68c62b214ca8be52878f89029059080f303f40462e6b7ee8e76473b15f9cd38870b7c7735ac6a110bc7556b6e1d9add08f4d9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2760694170a4d27393bd9e2b7ead38bb |
| SHA1 | d01d829dfdbe63f4f9229c5c86b61e793f0ad33b |
| SHA256 | a10f6b1cc88956c26b91d6ba08a8db9a0f0d8b65ad5cd8d4802bfe7fe39b0a31 |
| SHA512 | 165709c1cf44cbc9352cea5da8aec87b20d2edcb3730314063a5af9b0f626610471fe44ce542fab422d011822c325036a29af6b0e3994464acad8dc299f7eb0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1540002999b8f412a8d84224ee8d7eeb |
| SHA1 | a594f8a8c042ed6f713033b8d283ca65bb6a8e6b |
| SHA256 | 71ca2e1c4c94244fae439729aadb83269f5380fcd8c32a95765f728bc53fa7ef |
| SHA512 | 023d6daaa65f27ec09a230fb3f747c20d3f5c1a08aa4b817db778d5c160ffe0d40b2d24004d0726d529c8c26213909431681c9f2c3ec585f439d49f5ae7820a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21dd695d8d5ad7818bf31ef1d28b4ae7 |
| SHA1 | 1ddb410a8a82d0767afc6feecc5b1738be64aa7a |
| SHA256 | 8d6ae3c70bcdb8f0115e70800d91f21103d3491de028ac82225db67ab50d535f |
| SHA512 | 6c90bbbbeff340a9804fefd6f0a594b4832bb478911ea30f02d57beca97e43703c15c91564e4b81f7ab5e76fc3f4fe672d9b8c439af50db28fe89a5e504cc9fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f04d5d9cf6f764ce5f71943b44b5c49 |
| SHA1 | c8e936cfb84c14ab43538108dd97b9899e656747 |
| SHA256 | 3932c825171215ffb372d5d387ed3bd44a8503979e8d0328d301d22b9b7e29de |
| SHA512 | 0e06efb23de75c8387dac57d844b0f9b4ba44c74e3b53c80f0c07504dd415de31ba458fae774165394bb7eabec1c8a2429b37dde5a8d6e9bde15486a82e8b0ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68632119779481e1b4cfca67e1e58f36 |
| SHA1 | 2dff07248e00ab91ffd66b52c15bde6abe9069d5 |
| SHA256 | 43743e376b38fbb16cc74de95d334623bbc5fe6a913a38d7846c97c86ee52857 |
| SHA512 | 240b71c46bf7ccb9ba4fe5482d029dff74a98070b7be324ef34958d1cf5a4aa7ae233171dd5b23b7796b77b00cc1d6e5677ed547d5bac786f4e067d64506cbd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4087243d3a89be25d754367995fb6425 |
| SHA1 | 81db2f2c346616f33b1116f4784d94813487e970 |
| SHA256 | 7a7aa6954a568c00df7bd1f22b586496f1964dd6346fedf39257d2eed25a0f6e |
| SHA512 | b46dfb31b2033a974cb2909adf68a0f030f362e0f62737297bba05e175f8ea7668a5ccd84c02ecef58a7fedad3eabd44289ab3d1560f6f9147c5c3ea7ea7c590 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f953955f9ac35d2779d642e6691f6881 |
| SHA1 | 88519e1fa338ccb4aabe38c722205f7ef97a4ca3 |
| SHA256 | 98aa506d65e8348358fb45a65516c76b0f84015da712f2494fd107bed5f847c1 |
| SHA512 | 444b3229f1ec2b5e6870b54d23d96594bc225f8f2331ce0994308c39e5b5d7141e73cd21e90354196cbf868c49c19a59f5f0eea997693381b692ba6c8b42b8f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7a8e824de18072fd51fed0346a9389a |
| SHA1 | 1d3c780e05674828b1f1e74bf00c729ecd16ea38 |
| SHA256 | db9e2790f8b291c2356236e554507054d4a176def29cd9b965b01703cd33461f |
| SHA512 | 012643a5bdbeb81be79a13861d46d5ca92105897dd75460ad534ea05917df7705aa16ea566f33c153fab0fd9d75100fc3474b0fca26b2292695c6c7eefc03898 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6919b9c9eb91ea41de358a45f86f1754 |
| SHA1 | fff050dd77cb6944bc22a614b022aa2506b9f6d6 |
| SHA256 | 3e3ba28263869190d3dae82a062cf460e509a65d471ccd0fa5b7a02b79cbddd2 |
| SHA512 | ddd7e3b87d0a24964781c1dd92059deebc8561da9301d9280dbed44d9a5057e5b75a1394c6d2ece3785a4808dcf00c31b2c5e8b0555c66097496a1d56f7d3b77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5ac84151b67df1e0015f8a69a4b5818 |
| SHA1 | c2ce03b17d5d64ed6c6240ea91ebeee81019607e |
| SHA256 | 79a6a37e1ee83d095d078fb067364d7813c8be89bd3a2b2825e111f3c66f9113 |
| SHA512 | fbdbcde15036763ea84083051a9403ff29308eb7f64e0f42b569da58b28d4b1216646abb78082c734fc5ebfc8f3c6de8a1f10ca0b009aee29e73f1979004369c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 784b3f3fa3e546168393e3fb6ada6d3e |
| SHA1 | 004d32e64b619789c28298567efc405687be01be |
| SHA256 | a645b1b3935811829da06450e56400c35e0a8ad47ccc43e286f7e52699edc71b |
| SHA512 | 9dc68f821ea25e5fac284e51a9f85cc268d480283f9d90901faa6ee178fd855f274d4c265d4dbfab54d594b114fe518a3a739c3aa4c06f0b22a490ded9ddf706 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:26
Reported
2024-06-13 08:29
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
128s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a49fed51633bc873c397133e86dc800d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa808d46f8,0x7ffa808d4708,0x7ffa808d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17807908119858261308,11858402890566122674,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17807908119858261308,11858402890566122674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,17807908119858261308,11858402890566122674,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17807908119858261308,11858402890566122674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17807908119858261308,11858402890566122674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17807908119858261308,11858402890566122674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17807908119858261308,11858402890566122674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17807908119858261308,11858402890566122674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17807908119858261308,11858402890566122674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17807908119858261308,11858402890566122674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17807908119858261308,11858402890566122674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17807908119858261308,11858402890566122674,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | www.satiricon.be | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.satiricon.be | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | www.satiricon.be | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
\??\pipe\LOCAL\crashpad_3472_NNROKUTXALAOMCQR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 624f95ec8cf90584b5b8646e747c7b59 |
| SHA1 | de57af8ffd91c43175640a14ed85362e237e97e5 |
| SHA256 | cc989f9bdf9b96b1f5304f0558107f812d56f81f3b77ab4e766e5b9fbd55c722 |
| SHA512 | d8c7c53a8b5f5d03abbe0840c6ec68a3a768b03e1175a1ad50b5ecd27835ff1fccb114e7bd07c3626e02ddf7a1fe8ba057fccc20b78b70d395a65d6505e00091 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0934250398127470870c9363b072e12e |
| SHA1 | ee987549ef08268086d83b18f322fae65b1ff56a |
| SHA256 | eed18d3afb204759ae71bad7093bcc5e21810bf784f1fb83f06832a5d0b5593d |
| SHA512 | 4a5ad366b9921f36dd083ae764bc6e172946097e0cdd024d72e5ae4ceda4517ff169ef3f78359b99eccb3d3e08d1aad85e87c3e42ed3cfc2d45027b05baa901b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4d05c1f8fac4294c0f7b0d8555912724 |
| SHA1 | f72506999098113ff9742e8542f452df50c98b98 |
| SHA256 | 90c9f766cf3368ce5a323adff8630356a8f55f9705510674185bf77c2b308fce |
| SHA512 | 00c3a6ee0d2709079d6521b6e57eb85198dc2790e80d9578659c5ecac44bdbb4e7dc02ad6ffce3ac4c530512281420ef8be0f7f1d3319012795fa706d66786b1 |