Analysis Overview
SHA256
a3a4c72ef89c19289bfa535aca72c80fccd6ad35015f86e00e7750104530810f
Threat Level: no (potentially) malicious behavior was detected
Verdict for a4a39444d13bdded09e88eb31237d8c9_JaffaCakes118: no (potentially) malicious behavior was detected in either detonation. The sample is an .html file; every signature listed below is raised by the browser process that opened it (iexplore.exe on Windows 7, msedge.exe / identity_helper.exe on Windows 10), not by a payload it dropped.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:30
Reported
2024-06-13 08:33
Platform
win7-20240611-en
Max time kernel
119s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f01a140d6cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000073d66702612466043662f3dd0c58b3906dc9319f2c8a5412d01c1a9c284d9a13000000000e8000000002000020000000abc1b51da999e7f6669b67d089e3ddfa398f6c33857271573e92aa28f7e56f742000000030345c8ddcd8e2e1b0d822331e779b2f3f5bb74e64f10227b4d2f1e3bafa41af4000000038618773814aefe59576cde3a7073deb86fa89beaddcf64b2c0fd6a41e81cad0ca83be122ceb7d4096e661023baf092d1fc4582cefc7fcf28b9a6b94eba5480d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not shown) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3858A461-295F-11EF-8156-CE03E2754020} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429311" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
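Every entry in this table sits under the sandbox user's own HKCU Internet Explorer hive and is written by iexplore.exe itself, which is what a first launch of the browser looks like; the only search-provider-related change is the SearchScopes\DownloadRetries counter. Three of the binary values are worth decoding rather than eyeballing: Main\Window_Placement is a Win32 WINDOWPLACEMENT structure, TabbedBrowsing\NewTabPage\LastProcessed is a little-endian FILETIME, and TabbedBrowsing\NewTabPage\DecayDateQueue begins with the DPAPI CryptProtectData header (version 1 plus the provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb), so it cannot be read offline without the user's DPAPI master key. The following Python is an added example, not part of the sandbox report; the hex strings are copied from the table above and the field names are the Win32 ones.

```python
import struct
from datetime import datetime, timedelta, timezone

# Registry values copied from the table above (hex exactly as the report prints it).
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)
LAST_PROCESSED_HEX = "f01a140d6cbdda01"
DECAY_DATE_QUEUE_PREFIX_HEX = "01000000d08c9ddf0115d1118c7a00c04fc297eb"

# Win32 WINDOWPLACEMENT, little-endian: UINT length, UINT flags, UINT showCmd,
# POINT ptMinPosition, POINT ptMaxPosition, RECT rcNormalPosition (all LONGs).
_WINDOWPLACEMENT = struct.Struct("<IIIllllllll")
_SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_MAXIMIZE"}
_WPF_FLAGS = {1: "WPF_SETMINPOSITION", 2: "WPF_RESTORETOMAXIMIZED", 4: "WPF_ASYNCWINDOWPLACEMENT"}

# DPAPI blob header: dwVersion == 1 followed by the provider GUID
# {df9d8cd0-1501-11d1-8c7a-00c04fc297eb} in its on-disk (mixed-endian) byte order.
_DPAPI_MAGIC = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")


def decode_window_placement(hex_blob: str) -> dict:
    """Parse an IE Main\\Window_Placement value into its WINDOWPLACEMENT fields."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) != _WINDOWPLACEMENT.size:
        raise ValueError(f"expected {_WINDOWPLACEMENT.size} bytes, got {len(raw)}")
    length, flags, show_cmd, min_x, min_y, max_x, max_y, l, t, r, b = _WINDOWPLACEMENT.unpack(raw)
    if length != _WINDOWPLACEMENT.size:
        raise ValueError(f"length field {length} does not match the structure size")
    return {
        "flags": [name for bit, name in _WPF_FLAGS.items() if flags & bit],
        "show_cmd": _SHOW_CMD.get(show_cmd, f"unknown({show_cmd})"),
        "min_position": (min_x, min_y),
        "max_position": (max_x, max_y),
        "normal_rect": (l, t, r, b),
    }


def filetime_to_datetime(hex_le: str) -> datetime:
    """Convert a little-endian 64-bit FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    ticks = int.from_bytes(bytes.fromhex(hex_le), "little")
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def is_dpapi_blob(hex_blob: str) -> bool:
    """True if the value starts with the DPAPI CryptProtectData header."""
    return bytes.fromhex(hex_blob).startswith(_DPAPI_MAGIC)


if __name__ == "__main__":
    print(decode_window_placement(WINDOW_PLACEMENT_HEX))
    print(filetime_to_datetime(LAST_PROCESSED_HEX).isoformat())
    print("DecayDateQueue is DPAPI-protected:", is_dpapi_blob(DECAY_DATE_QUEUE_PREFIX_HEX))
```

Run as-is it reports a maximized window whose restore rectangle is (36, 36, 1194, 649), a LastProcessed timestamp of 2024-06-13 08:31:13 UTC (inside the 08:30 to 08:33 detonation window above), and confirms the DPAPI header on DecayDateQueue. None of that is an indicator; it is the browser recording its own UI state, which is the point of decoding it before spending time on it.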
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2236 wrote to memory of 2384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a39444d13bdded09e88eb31237d8c9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabB52E.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarB5ED.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80fb96b8fe201f25dc7a843825d77e31 |
| SHA1 | bde01af0b964492aa0b86f9a45a909b4c1f5259f |
| SHA256 | fc6996085bcc99f54d5b82494799d5a5141cda51f69487e5d28309599440d7bb |
| SHA512 | 1767c96736d1a705e705df62e070bc1923f10333fa596c92204ecb7f444e3c6779d52955897cb010afc13ccf243cd39f139d2892ac32661885bc596508dec2ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6aa2473e9b57f71a612bff997570c3d5 |
| SHA1 | 8674f99a2b1954a8922e41cf3792bfec721bcf1f |
| SHA256 | ffb85b30c6489e1e1ce4a576857fc8f73156289612a09c235750d30fff376381 |
| SHA512 | dceda37a97f14333db6c3d36a4e44f985c690945c8c93d6c7843c603cdf12550e321a8e53b68cd8d735551edc3f77dd63d3c77c312e43a98bb682fec5b93e43a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7aa9acd777a180ad38a5401ffdfa0ad9 |
| SHA1 | 6f385b921cd88822a6de873e86cf87e074c0ca33 |
| SHA256 | 763d51c7ea5f5ad938062118db97e9b01c7e587272e07562cfa9fb3d50a160f9 |
| SHA512 | a32e566fe5cba9285964c6e663c0eeb5c2266ccde21fe04e1d944a52f122e1f6db8baba6c776a26dfbc02224363658f4177886544ec3914ec3dd9a135a9383af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf427a3acc7c323ae69e46cce6795c6a |
| SHA1 | 58eab2534a0389d86b648e56331213bc11b0c5f9 |
| SHA256 | 524da586978d8864b442d50eb4b3e102fc462e1460e3840b486e69e2c76afb4c |
| SHA512 | 3e3760bbbe5d7cc6197ab65a98d9107dcdb06eac66e398f757e827d2e73b393c9072fad844663ace4be0e3b31c927a9af44f3f7cac004353237b2d8594fe6b2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf1aa62c3f63c61e70f786390d3b6176 |
| SHA1 | b59173d20ba1a43bc3eec2fd6dcb82c447e67ad1 |
| SHA256 | 84f71fe07e1c721d31ff3fef2ef074008552682b8580c6eeeaad658d9df9ba12 |
| SHA512 | 8db78d2edb3162a4a7b37ebb8f5928a1bf2ac4ae865c65ae157b6347c5d56d2f053ca572166c0d59596422d6e01bf05db44c750092eab6f28260cddebb98e762 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 818fa6ff334d3f69e0c49741522749db |
| SHA1 | a0edb45203b330fcca908a363b3979dfc5f63a4c |
| SHA256 | 4db6ac71aa588ebe24c267fe79caf05cd808192e55bb404293c0dc6b1e914647 |
| SHA512 | 4acca447e9c8382cc7432ba852a4b6bae8ca4c04c60e9e740a2014b436e2d0b7fda05be108b07322fd890f4cb914e581a0eb993e1e2ac26e82eab2df1fc85e15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97b0a854aeda4ba2ca2e93aa8791c597 |
| SHA1 | 770ba7c298459bf84518136ee41ed92affa80d0d |
| SHA256 | 9edc6d69237a546c7a643bfb0fc7e6e42bdcb9a5c0c3c61b203a51bba9558764 |
| SHA512 | db3f0aec3d650e4be13b0094ef90dc8307a91fe32a11a83fa06e8e14c0901be7518a45b4bc0a2d3e4b112ca3a068bd4fbafd196239106f4304a06d62bb35ae39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50070158526578dd3068b21bb3aa82ef |
| SHA1 | b77494c566fe7b9a6aa7047efa604089dc655248 |
| SHA256 | 9af44c2a49636cc731de5a54b672de1036598feb917a246a017958a3b4d6c342 |
| SHA512 | 562d18685724fa0729330b520f995bb5385e573c7c1eccffb5565c11265a9a5aa06b6b882f19664b03a591e4145a89b28df1ec1a5321d5e4c52ed2a39c802b86 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98af8af025ce3d81742cb054e19c173b |
| SHA1 | 70c861c44811005c372edba2b73bb5e916535988 |
| SHA256 | ba5c11188803cdaa8c86618a35b0d88967a0989ab97b710df05e2d8ba4fd23c6 |
| SHA512 | 1d1d442a9999c6ade0fcb4e7020db93bfa9cadbabb07751b997e2d4970359970c52abfec2df95ddb2669696f453f156e15186f64ee1179e01e7a22ee5fa0f048 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e031b247107608aee4321d4cb3a4609a |
| SHA1 | 1abc52853005504a4273f3c5c2cd346c319a3d85 |
| SHA256 | 9463a9bfdb9fda26e0cd859a921f388ea9f6f5d0692cf34a86b42bfd8987468b |
| SHA512 | 24c71c2f1ac562486467ec96634d601759f13c5693b22b2013cc86abf6efce920301710bfc6b4633ed2a319e4e7a3f1659d29d99690683672a0eef172d1cb76e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2246845fb6e0dd0efc4c11e5fc29789 |
| SHA1 | a33abfb859b20b8a154a7597c3c0757fc618df9d |
| SHA256 | c7c653aeeef34032c3e1053454a2e959b7c8596af3ec700a681b30a33f69d92a |
| SHA512 | dee8198a07369953bc251f32e27ac717bfe449b0c9ebe189355037fc827c5296d31581b121539edef647cd36015a050a8948522b7adba966343b5ea177ca9507 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 077e0ab4a0bc892c6ca5e3f5eeca79a3 |
| SHA1 | ab4d49260010ea3e2eeaacbf88cee7e33a014236 |
| SHA256 | 38e1f720b5ccc8841bea38e6d5e41db259fcd2b837041cb0ddd3b6f2834dde99 |
| SHA512 | 899602c8d2dacf3a637f8e05af2e5297d5cdef65dd2764104a0b6524ea8d58f32c8cbcbc005b182024ac1b3023d867c28106887cd0889232c0676f0ed7a9ec68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f7df69244e5f042b57203031ca752e0 |
| SHA1 | a900d7b57aea70573389a6b759bd5668565a5310 |
| SHA256 | 5dce35cafc71e21e3fe35c67996060a799e39fffa0565b220efd3164b973947f |
| SHA512 | d396f253145c7c1174ee2eedf874e1cacf673efe1de97bdf6f4859d678d895ea14845d32143b8f0e04a75b59745523fada9c853ce0c7a882dbce238517561218 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00d0e1856e077a390e0f9f497c2c5381 |
| SHA1 | 8ade28e069ec1c394da2d569030d788057085ebf |
| SHA256 | f011de7705060f7c4b235f142f8aa1d1401a0be08b9e9fe5419305f4498ab96f |
| SHA512 | f2fff37c35c85a0b1440b3785556c9fff7631bd0fe0c7ff48b4fa5db13ac5e7ae43d491f1fecd8602dae40904826ea09ae10144dc38602efa825a51b2034865d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e167c80d336d67aeca6725bed745b8b |
| SHA1 | 9d908f797db0575bf3a01d8efd0853b0f84651f8 |
| SHA256 | d0975c19de55f6f4a0b5d0ad68f6adc294e8bc41c7121d770941905b6d4e698f |
| SHA512 | 422aeaf0f8e4ad572b2dccb4782377a1e4bfa24da575f4ec2d32cbbdd882faee7816c84b43107ef653bb2c7a85a48b97d331a46d1c4580698c0ada714019bd3c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cdb659d4a71816349f8038bb3538c75 |
| SHA1 | 7dea53b7be67e327f35df27bda2077aaac5e0736 |
| SHA256 | 9addd556002451c5844684347bf87743c1a6e55d4365e838845a820e8888e4e1 |
| SHA512 | 1455ed4726cffc442c2b74c9ed6850e9c84bd749e0f9f140049ca0cc53c2d580ae50d3bae609fdadf0d61e0428e117c026d5b13be5ffafafa88694f739cdb96e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63d11112d691db5c83f05b011e8a3823 |
| SHA1 | d92279c33885389ba4e937003ed8cf25eaa91207 |
| SHA256 | 7e44b565a6e9f1e6e6c426a3ca5879a0259c3458893d809a18a3329d30070888 |
| SHA512 | 2ac10983843ef6719572422f854caef79c0e733f94ae863cc83c71022bf89b956a04aca3cdaf26d0df3c6a2986f80a2b55c51cb80566292ae21f62987cf9ac82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce35b4c9be3671533a35c0cc0adde873 |
| SHA1 | a33cabb3aff04f0014700417c71d95dfee22d7bc |
| SHA256 | a78fa44c2ae47258cb434da9bfb730b5a150bc8bda7b9ccc637e51b3439f51a1 |
| SHA512 | 3311b20f97de0d7772be38b3854a691f0055cc4d9ef6ee07c8ff26173e0b12b02fb59d934b2d012594f37d96b19f008a2e9691427ed86dc3f3c369004407ef73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1899149623029812f76800a06b1eeab7 |
| SHA1 | 0bb95395161eee25ccf5e2f9a84d7483b4d4ee79 |
| SHA256 | 9f76f54f26192cb2c53560a5fd1208a47abd4ae30f9e88b7650d4a5d677ace96 |
| SHA512 | 8fa21737289f743069b1a76cd4b1e34a8012d89b627a63aeb057bc781e43cabeff6c18f7eff671805abdebbde72d5e29c3bc49cda7aa3d112a24af0f829701ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6cc45313fbffbec91b551490f20ca5f5 |
| SHA1 | 22975fde89b3c84d79861d6d6d7edc8c6dc5ad93 |
| SHA256 | 0786e6c3969a4b199bae4718b632ce5af4676a193c3b3e644ee54473664d6791 |
| SHA512 | 97b857f37a5a92960ec7a8061ddedd4a5e956506cd9ac976b4b1f309ea85054f87d98aca7d8b2d50928c0b077a56a9ef1f2a91ac551e1ebb321566f46d60f83f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2923acbce79e4f14243df8a93255ac90 |
| SHA1 | 2105fcfcd1a5b3b4832d2cf92a689265dc0a7e37 |
| SHA256 | 29989d3218d961246f4c5789e29dcf38c0465a826e89fddd62bb0d56385828dc |
| SHA512 | e504f208ac550a27390bd91768189a356188c4446b09f081af70699a15fc523f81008c9ab6009d7d520193d266849ab1669758d05e2448ca9cfbf6756d840265 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:30
Reported
2024-06-13 08:33
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a39444d13bdded09e88eb31237d8c9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5eb246f8,0x7ffd5eb24708,0x7ffd5eb24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,18061166897268575669,13872256468654944664,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,18061166897268575669,13872256468654944664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,18061166897268575669,13872256468654944664,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18061166897268575669,13872256468654944664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18061166897268575669,13872256468654944664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,18061166897268575669,13872256468654944664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,18061166897268575669,13872256468654944664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18061166897268575669,13872256468654944664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18061166897268575669,13872256468654944664,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18061166897268575669,13872256468654944664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18061166897268575669,13872256468654944664,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,18061166897268575669,13872256468654944664,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
\??\pipe\LOCAL\crashpad_1524_IMTRDVFXSNHNWPQB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 23e85dd9bc9cca2ebd31f950a209695f |
| SHA1 | 92edd12a4d7c6d2dcd63e327ead105d84a6de28a |
| SHA256 | 0b9b4327e7f0d5748af3d21e6dc0f5917c4a72e838e137a18ade2b45bb42fac7 |
| SHA512 | dbc26b43dd13582cc6bac90ac09e1f51484c462b61217050f8a38f4ed6d1306f81aac859dee5a9790a1c14d500969e6a1063004ce1164b3488334fe777b3657f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 70e2dcb249df51653c1e1981d344bc87 |
| SHA1 | 42e4b58a9caecfde2d3b391694150ac99c92dcaa |
| SHA256 | 0e55e11a04bda93fc6eccb6fa8b5d9047724182f6bee9c79597f7f5f22266c0a |
| SHA512 | 489d7b0aae69e144bf6064c11b076329c70fd31469b96dddab14d7a17cb56b1bcd47a376d8890c67a59af2cb9a68c2ea918b15a56a9e7d874a45c5de654f09ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bf3e62be9edab17136b5fbfa4cad37bf |
| SHA1 | 2c45742998f761b87bdcae98b9f0eeb816a8fd06 |
| SHA256 | 83adb081499eaeaa36c767a3d48cc574738b862de52c8250850671a6f314e8d9 |
| SHA512 | da0ae9d14f14764e60411e2b7da4698f101d9561e40b719f02b076517cd42515e6760445753af33237fc81427b4a7dd5bbba856cb1fb9eccaaec5897e3b81779 |
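Two things in the file listings of both detonations are easy to miss when reading hashes by eye. The \??\pipe\LOCAL\crashpad_1524_... entry carries d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, which are the MD5, SHA1 and SHA256 of zero-length input, so nothing was captured from that pipe. And the CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 path appears 21 times with 21 different digests because Windows rewrites that CryptoAPI retrieval-cache metadata as certificate-chain fetches complete; repeated paths with changing hashes are version snapshots, not 21 files. The Python below is an added triage helper, not part of the report or of the sandbox's tooling: it parses the report's own path-plus-digest-rows layout, groups entries by path, and flags empty captures, malformed digests and multi-version paths. The SAMPLE text is constructed from three entries copied from the listings above.

```python
import hashlib
from collections import defaultdict

# Digests of zero-length input: an entry carrying all three was empty when captured.
EMPTY_DIGESTS = {
    "md5": hashlib.md5(b"").hexdigest(),
    "sha1": hashlib.sha1(b"").hexdigest(),
    "sha256": hashlib.sha256(b"").hexdigest(),
}
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Constructed sample in the same layout as the Files sections above
# (three of the report's entries, copied verbatim; SHA512 rows omitted for brevity).
SAMPLE = """
C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015
| MD5 | 80fb96b8fe201f25dc7a843825d77e31 |
| SHA1 | bde01af0b964492aa0b86f9a45a909b4c1f5259f |
| SHA256 | fc6996085bcc99f54d5b82494799d5a5141cda51f69487e5d28309599440d7bb |
C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015
| MD5 | 6aa2473e9b57f71a612bff997570c3d5 |
| SHA1 | 8674f99a2b1954a8922e41cf3792bfec721bcf1f |
| SHA256 | ffb85b30c6489e1e1ce4a576857fc8f73156289612a09c235750d30fff376381 |
\\??\\pipe\\LOCAL\\crashpad_1524_IMTRDVFXSNHNWPQB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
"""


def parse_files(text: str) -> list:
    """Turn path lines followed by '| ALG | hex |' rows into one dict per entry."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) == 2 and current is not None:
                current[cells[0].lower()] = cells[1].lower()
        else:
            current = {"path": line}
            entries.append(current)
    return entries


def triage(entries: list) -> dict:
    """Group by path; flag empty captures, malformed digests and multi-version paths."""
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e)
    result = {}
    for path, versions in by_path.items():
        malformed = [
            alg for v in versions for alg, n in DIGEST_LEN.items()
            if alg in v and (len(v[alg]) != n or any(c not in "0123456789abcdef" for c in v[alg]))
        ]
        empty = any(
            all(v.get(alg) == d for alg, d in EMPTY_DIGESTS.items()) for v in versions
        )
        result[path] = {
            "versions": len(versions),
            "distinct_sha256": len({v.get("sha256") for v in versions}),
            "empty_content": empty,
            "malformed_digests": sorted(set(malformed)),
        }
    return result


if __name__ == "__main__":
    for path, info in triage(parse_files(SAMPLE)).items():
        print(path, info)
```

Feed it the full Files sections and the pipe entry comes back with empty_content set, while the CryptnetUrlCache path shows one entry per version with as many distinct SHA256 values; paths that would actually merit a look are the ones with a single non-empty version that is not a browser cache or crash-handler artifact, and none appear in this report.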