Analysis Overview
SHA256
bb4298f0c6ba55f07c8b9cd45cb0f871a1c415c214d9e5d7e729915ab5ec9926
Threat Level: No (potentially) malicious behavior was detected
The file a4a099fbebeaef065a5f16152e5ae533_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:26
Reported
2024-06-13 08:29
Platform
win7-20240611-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d06bd38b6bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000ad551a78681cde939684297db5144592aed78369561a19bea39681438cc34a0a000000000e800000000200002000000002a28304b06209f02050342d0a30111dfcf8a09f9b73faf9a359d5e985b456ad200000009ddd1acea2f498a2f0b5d9284a09f321655c1a2da22c49dfd2089acaeb6ebd1640000000b3f9d4a8e4f359c32821612368b1b0ced5037d74070cc21a851c180e6b3182a750d9d9a716466795437d818601537c9bd1fb8ebde13ef7021133a043dc23dfbd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B47CC091-295E-11EF-AFF4-E681C831DA43} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429088" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2436 wrote to memory of 1896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2436 wrote to memory of 1896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2436 wrote to memory of 1896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2436 wrote to memory of 1896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a099fbebeaef065a5f16152e5ae533_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | lminit.ru | udp |
| US | 8.8.8.8:53 | portalcc6.vssgfk.uk.to | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3313.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba7cc4adb204245896489187290257de |
| SHA1 | c9de95f152d4b66121a82cc6f5debb5ea177fe5d |
| SHA256 | ff5f94a56bc959074de352d79ced0b11eb7dbf55f7b9741dff31938889c8d534 |
| SHA512 | f8203dde0613f576bdc891a23ffe43670b570c2dff83013f0df7ccc054c9d3a1cb7741b4533f5510cccb639101fc4e4a711dc49fcee2140ecbce62e681d0f357 |
C:\Users\Admin\AppData\Local\Temp\Tar33C7.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8f33eb4571d50935c637a530f47a78a |
| SHA1 | f0009f78891172a573854dcd1f76dc8b51ff524a |
| SHA256 | 1cd4de27ad408215728590e32a8043de499431ef460ea224d9c4e16383e12fdb |
| SHA512 | 94b7e57cdec4f43823bb4c26e3d0f31f83c7ec34e6d4c13147e2a31e8afcb9f0d788000a937dcce3b04319d5930c48bfae328e7d70d7f6e5b4553ee98c3eb172 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4457aedefeabfa0534807ddb7cb00a16 |
| SHA1 | b3e2b13e0904ea992b97d853584622ce00716bfb |
| SHA256 | dd2763e9fb1580e2e3141e0792c3b070de34b9a20b3150bd72fef02885e74ace |
| SHA512 | b25c9d3438acf145456db728f0d3fb8a96d86fed2aaa62f9e49cd995189d36736d5b7f38e0b7c67bc35e70a0dcb083b0f174ce6bd49de0b13c1208e79c6386bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 978021853ceffc217e7e00bc2689f39e |
| SHA1 | 118778dc78fcab0e825b2c9a2491dd3819ad2248 |
| SHA256 | 76f784c17168a14be3ae12cb65d6b1cbb8d58e9e5446da64160e044147985afc |
| SHA512 | e3501537685e38beaa63a56bc398b1b7f612b0edfc0ca022c4ee0da572ef6650c3b4c4ac0fdcc28af4e8da62a0b4af15318e54755043d5b91168d6b10941cb58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fe77d127657998b736b1f0666707853 |
| SHA1 | 835332f14a9af44e4295fef027e8f4733aaec14f |
| SHA256 | f6151d5883ac5be9d4f62f4affa01540b0b2d66597545226fb830f4a9fea32b3 |
| SHA512 | 9d82075e564bb1437b80009804816c1dc4d38427f387cb0abcee6d30987dd04e1c7cf13e77195ce6d54f8d3bb54be37be6c3a2bfe4f3b6086650012ca5b50ac2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c817ff89f1d4bdc794722a89db75f69a |
| SHA1 | 53c7a785750e4935aac6714646681eea663889c3 |
| SHA256 | 8a15e5a156e530a670238b7d4219892093f94dcbe39169826a17cce40e17e52c |
| SHA512 | 99c72f05c0268e97919dc7585416eddedc96a254896d0ec84aee799e1031f7e2827dc40384497c945b1ab80e4f1b1f957cca4d0af028916b1a7cb1a281689e42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc75962347a01b8e77134e0f0dddc2f4 |
| SHA1 | 352d8251f368ce2f996b852028ba2e612abb58ba |
| SHA256 | 784093fe7f65a5d43bd89cd3352955ac81cfe658611a4451de16c518b2e4275c |
| SHA512 | 5c3e77081971a38b2d57746d73b62ae0804f4c6f3ea33bedcefa4b879f09ae23174e62c1a97519fc4ef7e3ec5bfcf4267117efe7f923e69749427ac297b53435 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 140415c29e0b0524a08a7c2cd3295dbc |
| SHA1 | 6f1fe35d99c1fc0cbb7cee1d7d165eeffd77d30c |
| SHA256 | f06566a0edc6d3ed6f98dd8e01867a8713a3ccf6d54493b0017212c5442c5872 |
| SHA512 | 650fdb30835489dbd2fda09f1b58ec24b8d53d6b5b3b04b16de5d8a6bafcc6a2ce7e12ade3964cd5c8b71929a4e230e7e00dff897195e27d6d70f23ee14ac965 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09cd9578e4a67ee37b388e569983ea33 |
| SHA1 | 49d5b24b84eefdbc4bca7f4073ea45187573e162 |
| SHA256 | 435a01a30cbd17d71956f7c8b275d196732510bddc43a99fb687904d632eec7e |
| SHA512 | 7b4ef0fd2ed98b3cae12fdefe0020ab12fe4fd38bda3b0a1484e30602bb81741690753bccc45a2aa1dba55626fbbae861d6b1dc1f03d023b5378be87ff60a065 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b1abd1cc4b79f32b261b524a1d8f07c |
| SHA1 | 920c01d15a47b741e0c033ca3f02e3f19830f610 |
| SHA256 | c5b1e7eebd5bcb2456b923634ac721f26caa60f4c72f387c0fef40ebc04e2db4 |
| SHA512 | 6a2f040e15a33cb702e91c48a68d67369854d3b244c44c38e4e53ced47295bd10cb454265227c51bc66f9f0395d2b50f533bf2d22617890e5a4f178c64d8e79b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5072ad6327213f45000b2a733383e7f6 |
| SHA1 | dab1a471850c11867aefa555e178d8ef9c59fda9 |
| SHA256 | 02d2b30bb4d67ac2d357db46751c9abe67d49f647270f05c208ebc9e09cb684c |
| SHA512 | bc8ac53e6030f19011302fd3dc14a9005ac3c332ef349570d21e588f7ba9a420fa307c89692a42530a7a1409499cf9ff30db7056e6646569bb9355116c280878 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 480d002eb536972479c5b38c0a582deb |
| SHA1 | 34da8d2dad9a01c54ae935a8b67dac6fc0eca9ae |
| SHA256 | e0d3bde5fd87e0e31d70e9d22b41cfd89970102c1ab583b3af9a72a0a421e507 |
| SHA512 | 1a7663b0d8e39dfaa232ef8bd12793230c301ef411ebd31e011d0a59405486c366f33ab5d62292ecc08e36651a882e823a3fc85828ae4d134e198dcd3881093b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a89f7fca8d16ffa7e1ef653a6eb01c7f |
| SHA1 | 78db2e0067f736ec3c2c757f967b9137e9a785bc |
| SHA256 | cdd33dbd98f312ac109dedad18ece582ae0f65d3a351e21bcef1e3f7ed15b3cd |
| SHA512 | 991eaede53d5cd0651b1bad06c9f9733aba8ebcff56af3af09fa2129cb7de2dceffe6ac61dd720dafe6e069e061fdf2279d76faeda2899197f5dc8871f9b78b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6390e2642ad392a4dedbb7aabbda18aa |
| SHA1 | 2285afc974f4514cb10a1bd3a2b40d7e75e09512 |
| SHA256 | 69c1758a748e2ed823b2e16828ffe48d44af59adee5939f9ebc8097b7496ddc6 |
| SHA512 | e9ed0f517f812d874cb784a2646cd9a5c9e941c88f27ce70b5338ad23ab6950f1b4ae7cf1324357931826d0c8b80bb7c9b22e6d1b74f077da49d33b88c83edec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8c5fdc678a334fa5cec41229b85d4d8 |
| SHA1 | d3a2cbdd74e48efb359dc2ff33528927cfa54dfa |
| SHA256 | 1800d36b8830eeee3490ddd060469827d68d2c16c0daa5dda934a1cecafa1e0e |
| SHA512 | 55d412ea7a42efe1bbe1b8db7d7aa469e52c0802996eed4e3feccac2c77532ed1abdf7db9b3bb3a2596ff3ceedc4503b71d350a3f82fecef5eea123d75890cf6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68069721bc976e3531f4e4feac2dfd84 |
| SHA1 | dd0d357df5c8f305a439fdf88fa6cb4f57482da2 |
| SHA256 | 805aa9b5393f83e272c97086d8f0ca101525e020a29c0d87b74a062bd02fe38e |
| SHA512 | c98b869da021ea5ecca3fa73f1f7cfd5324dc5763ba43a475dd32a6c36a6e8fc2186d18376a5437514fe19da2a929392a6e5612904f2cdd63c0c9665b5d8bdb1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 901969396506d33470e018783c717b74 |
| SHA1 | e240aa0156a967b365092847c512c6fe3d2b639c |
| SHA256 | e8febd787ea5d4501202d7150c96322973ae4497a1f5909adafab48f16509fb0 |
| SHA512 | eaf36f97e96b953016bde0a3d077706c23e341dca8e1141502eb35a48e91e382041f04fc199e698ab7eee6f50e69e37090c038d45fe9a476d635bbb1bc9b3a19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7cde40907518ca8d4424972e96d8216b |
| SHA1 | 81949e9b7f6c8092d3db750f8a8f73b6ae09d691 |
| SHA256 | fd8ff4c20f9005ab81bbc5317c1988c369ee18daa9bcb29776e87afcd13a9f27 |
| SHA512 | 7af736bdbb4ff85da89ae2ba87ff16bca7ec9071fc789ebb04f27e1da5045801567f6e2e8b9017701652fb408f68babfc2877eaea0ec670a318822dc6521f825 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f4a89ec976a31505b6f85f3161e2395 |
| SHA1 | de8e90641cd2263c6d24c8e6dae768a0d58473ba |
| SHA256 | e4fbdbea39de701e7c45d62eddd09c5d85d0561b0e8db22711f8f3711f61701b |
| SHA512 | fcf4bdc7d8d47b8a885bee3c71e358b6787d5ccc38b1f14712e903a973c4aec17b7b690c72c722dd383e1829fa3e44aff6bca4977c782f8599435510700fff9d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:26
Reported
2024-06-13 08:29
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a099fbebeaef065a5f16152e5ae533_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe24a846f8,0x7ffe24a84708,0x7ffe24a84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,88621846680914046,3801801667854730811,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,88621846680914046,3801801667854730811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,88621846680914046,3801801667854730811,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,88621846680914046,3801801667854730811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,88621846680914046,3801801667854730811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,88621846680914046,3801801667854730811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,88621846680914046,3801801667854730811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,88621846680914046,3801801667854730811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,88621846680914046,3801801667854730811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,88621846680914046,3801801667854730811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,88621846680914046,3801801667854730811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,88621846680914046,3801801667854730811,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4616 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | portalcc6.vssgfk.uk.to | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | portalcc6.vssgfk.uk.to | udp |
| US | 8.8.8.8:53 | lminit.ru | udp |
| US | 8.8.8.8:53 | portalcc6.vssgfk.uk.to | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_4088_RJKBHQKVKPZJCHPK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3c0d7fe70b7299aae76eaf51e5484b11 |
| SHA1 | 7508d24a9e1691f666c8caa5e6b2c5eae83546de |
| SHA256 | 992fde873fc0340ee759c2e19fffaf4824155232ba05bf1b5130b2d8819b52b4 |
| SHA512 | 82c3009cca16ddba3802f715e23b95af48834158703126086db16f5173af516688bf2ed4c251731715bb1ee00e39664b2bc3b0e36265604c5013cbffb5d3cb4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | da69411d7537dc706410562ac768b206 |
| SHA1 | cf1d5bf08bc82c510d1d74ca13d142b0224be93b |
| SHA256 | 31614504ac951ca62e397c8b78be6c97065c888063541453708b34c8e114b0c5 |
| SHA512 | 1fe2a0ba0a16a321fcabf5add519edeb08fd771ce69b4161200907706ccb01871fa69375f13c995e13e4fe8c7186e75fb9f100a60adaae13e8b9d27d2b0c64bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 49ec8dfef70d3d37c0efa7ecc6c64442 |
| SHA1 | baf3955cece3397c7fe642a5698ba1fedaebad56 |
| SHA256 | 6973c2be5f2c998e4028d950940dc18d032f9698887e3b2f31a41f4a453d8b9a |
| SHA512 | 65a05b58ffb3b3c0af87e0457c9dd4cf8cf316f32ff7921ccfc04d08d22488da041fd3fac307821e59420b6cdcaec968866841c53b5ea978e1c26e98b32e984b |