Analysis Overview
SHA256
589990c4c02a919400600b5f4f822ecb0ac91f488c13065a69835e9bf8b79048
Threat Level: No (potentially) malicious behavior was detected
The file a4a68e2aba14305a51abe995539fffc6_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:33
Reported
2024-06-13 08:35
Platform
win7-20240221-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429465" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ac9631387c43f644bae607bc2c552891000000000200000000001066000000010000200000002dc1c73a82843cbd25f1329d656a7d51c3a1e38cde6264d32bef2d848b43455d000000000e80000000020000200000003ea5a8049a687f235d1acdb45c51544fe7f2003543bf325b24f297a13177ae382000000077ca789bcd765eed171208d6ba1c253a79c8cc02a324aae665b5812df3ad4ec0400000003a5d99e1d3427e0d3320b77dd42a02af219e7be92dcbd604f8fff835659db612c790b1f06dfff36bc2da79a9d8cc2ca3f77546bf2fc920c81ef38ffa2ccad5ea | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{952EF811-295F-11EF-B2C4-6A55B5C6A64E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0dca96c6cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ac9631387c43f644bae607bc2c55289100000000020000000000106600000001000020000000da4c9dfa819ebd078bd2000e529c3a93666d63cf3f018cf8cdbfb9e20c2fccea000000000e8000000002000020000000945c584c813e6923fc2dbc926ce3a855a0f9e631e2148f1862b9e20e37b015d290000000afd70a873a582d064fb89ed523f1a39ddcb711a28694cd911daef9fb4bd0d9d6e43fc00d8e251c2399807e9643ca599ddbc66ec3f351e70b5b7265bc956052d0813be3dedf741716b91c69238430a0200955a3b3c6a6c1a17a161271b283feb274249bf7a36a08aed747120ecc4656526bc2486159ff0502dbe595fb63ce1c03d816c9ea3a80727d5e64a915818bfb42400000008efb42ca67b9fa93151a7da1ec2e2be006bf785179455ade2a1d73ded54cd3ef544888dc8870ed52ae032c85fb8260fd71da99eb0ac5c01db0bbecdc449023d3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2208 wrote to memory of 2836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 2836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 2836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 2836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a68e2aba14305a51abe995539fffc6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5303.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar5442.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fef1b35b27af384b1cf68a8914389fb1 |
| SHA1 | d9a7744bf0b9eb3bf19580fdce437aa93a2f24a0 |
| SHA256 | 0cf99e995a90d380e798bfc00285c5d9de32a221792d1595a5ef0efdc77895d4 |
| SHA512 | 7ca6f817a5c9a535f53190d52af80ceafa5c4b5bdd25ba6c6d2cdb5dcf0cd265fda23dff3b937d62c0ba07b776131ecbf7fe509d2b060d1ce0e925c4315f0837 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e009a5ab5c61a4e5829038524add2406 |
| SHA1 | 5dbb9f6b1e49e085082a14a186263a3a2175b747 |
| SHA256 | f8ae42eee92211ce32183768bcfe929fdebc449c31da99c3ac4cc21ec08577ea |
| SHA512 | e1e45b61464c2c5583fbdce1f1f1f7c116c2d6bd9c60c16a84c86faa181286da8ff060799c4a3b69967f7a123d82080726c67a897d04ad8ea60d2eefb0e53312 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e4d3ae11efd6e5d2394837f3d9f22cb |
| SHA1 | 1e1b82d33f3c3b16bd6f97937025b8981011ad1e |
| SHA256 | 1fb030098ef362af21f09bb7729ee51e8ec68965120f35e433866383512460ff |
| SHA512 | 8a39404239a91e6b967f03adb761bbaea52c9019ca918d5343154c22ea1e1054d97bef00f3df36dce47cf679d54837ac36d07283d27cecab85ffac26ba845892 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da0302641a507c7353a19293136bbfb9 |
| SHA1 | 775148f10855a74ea8d8021791ed0006ee4c833d |
| SHA256 | 5c2e14a669a7d789725e9c647886ba2390a97b0042a1f846a4fe2803254d93c6 |
| SHA512 | 874b9c4d81a4fe1f5c22ebdbbf2c2d056fc437d5a4efae1bcc6f4d291e587020cd8b57bce153caa069b4114fc6a0aee8fb9ed28f6b9f9fed812163305c0f1ea6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50ed290b96fa66c4071bb6dcd2fbd0bf |
| SHA1 | c3bdb0b4fb1fbfe3b5d267035179e7014d8b4f30 |
| SHA256 | 5b30150aed1d7a4e975313601cf8cd2988e775592a5c869f5402d03fc57aa969 |
| SHA512 | c778fa96281157eab1d1bf7f2be644ba8f84b21c890a45e0f0ea3607fe7dea0fd1429e8558434598f755091437093cfac8a92e712e87823bd34b71e79c491c9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14c335957b508df66eb1b87b95246a43 |
| SHA1 | 3c837addc662299422a965ce9cdee08314997459 |
| SHA256 | 47ee1bf5d441b7ca5c8c375d049f7578a7d51fb11df9347f81ebce261bdb2537 |
| SHA512 | 1ea5478fbd1e1e109fc1166b07464e9e505d5decf456cbd1888f71dfec519bb77616487c5ece643fab3700f5214e77724575f40b5f2ffff2877aff7e8e55bacf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afb609d92b2ee3fb5f92c977d2d48208 |
| SHA1 | 511847722ac4b655afd2e2faadce31f09e2e6d5d |
| SHA256 | 9e57f19decfc140ddb94d0f30516b3807934ee74f061ddc9f293cfc36e710d28 |
| SHA512 | 1f74f289c9fe62797b2ca3a9bfa13686bff271ab7f0dc925ddab5d71edcee2f401279d29304c6e8907ba7c33b72e34d09b66fc73edf07d1a0ad30046ad2b52b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88ba95d5a37dbad39ac8a3d90b5210e6 |
| SHA1 | 3205eb46229cc5bce7f7cee0ae3a9da039c6c662 |
| SHA256 | f94fff886560e4e2cf9ea3349b558b8ca0c9d406aef89169a9c775bd8e83cfac |
| SHA512 | d046882f679298f09e6ef490f36e157507233a573788ba9ff205bd2e1b0b09594f320c277e38f6b3f2b5f132ca4659c70b700543bef8aabb3e377cd33940a803 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aed683beccfa8035749a92d9291f154a |
| SHA1 | 812cdbfe1e83e80cefaf8d8a3c73b209fbd3ce54 |
| SHA256 | 2e942d45211c79a91789846a3b08faed89fab9072d69c3071e633fdc1a745a27 |
| SHA512 | 6036e83424c819a2654e237b6a9709492f1b69b7fd4ef2926721eaa17795f8be0e330214e853300c040400c75c36276b4911c1775f701875c360ef91c6af399b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1446b954089806aa7864217b93a3b906 |
| SHA1 | 82fe0a624f66f0e86ec10956c0d38e4e8afdf508 |
| SHA256 | 7418c980c04ac834a91df66ec474db7419a6a4dcb466a25f9b93a3867757fe71 |
| SHA512 | 58d9b1d5837661b8ecbb95b2be5c8e5b09a231a133eba0ffc4e4f57bf21e4a794f1740ee92bbf68d03b615a134aed9cb99e2948a1804d927711bca998fad670f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9873525e4f57ffb43231a172948aa747 |
| SHA1 | 4e7a9d1bda4ed70c303c55a0f543454ece72b57e |
| SHA256 | 377aed88d6d74fd65d9642f38ce0feed9a223830855522fee74f2a2d20ea74a0 |
| SHA512 | 250ac402a7601c909ee674ee8b6763a5fee7c205c5121eca2661e7c6a207af65ea08ddf2d382c45d9721871f25f584959d06fadfefaf3863a4a4431e5c2103c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9072f359bbf52a4cc94f87a57792c2a4 |
| SHA1 | b2069021737bea75ead30ccef41711d66b58a1b9 |
| SHA256 | fd6ba885a06b15ac59fdcb656ddc2aafe5d1b87c40d99c9d20076bea212808da |
| SHA512 | 184af90da27663ded92021dff037743c7a097a71c7ad3751975eb309b6d2ec5d0d6aa73721f6df0983587b451c6551c2f83690a4337f1b576097d628d1af92fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d662b987f4bd532d0b273d1ad90d3b05 |
| SHA1 | 176ab08edc6ca51053426de4a53e76973b945a46 |
| SHA256 | d84287ff3504c3b029b874b6909ce90b5ed2cdf9b585a3460475061b78b7b071 |
| SHA512 | aac28823cc064c5d59ec4ca25efb1c6efc218c3d4fda15c7211911237f5715a4b2f96004920643965dfa50353099c1920e91612f3f4d4f3985642584288a0117 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 465baa8da451aa797a83431f2280fc0f |
| SHA1 | 1c72055ceaf1b250eef12b08626d13b666d115ad |
| SHA256 | 04d172d2c409855d93d518e76d393d89a21e5dedb768c56e4071f8c5ca53e031 |
| SHA512 | b26d250e23c5df250ba68db3078bfd5a761265a65d26d17fe5cf37cc2700c9dcabccd5315d75ec25eedf76e46c29fad20abc7a4c87556c1fc28b33aac2a620f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af955dd9a825661fbd4d8a624e9ab624 |
| SHA1 | 705afdb42d79c548a68dc4a532e28d750780068e |
| SHA256 | af89b6c78669b4f7a15634620cc9ed6db5189abbe401321a1fb5700618061d44 |
| SHA512 | 5857c765df03ae895091d188ffe06863cb2c634c905ccd4586df16838816ab49e6ff59897396c0888c5d6990fc8fef51ce81b95730a6785b5b8dc8fb09d4d258 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 301339a0684d2a57295c0f37ca146aa5 |
| SHA1 | a94f9cec8f1d0970eb21a035268cd8efe5c5a06a |
| SHA256 | 2c63630b84c03475622559b53d8c603eefe7b0fdcf062a609e83af62cbf642fe |
| SHA512 | 3c04f170fefd388569f6d9822a0f9a0f599c42267a5de201922a63bffee03197394f42fa0f25fe42c8e4036ecca016ba6b7f07dda28074dea7b043224135e0ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55657e4d593e00283dea2e1feb1c7e3d |
| SHA1 | 3e07551924ed51988fa6bb2155d0832facd01d26 |
| SHA256 | 92c062d6b98d3ded0e5ce8ce972663a6413fe2180b2006907e4f668bc53534e7 |
| SHA512 | fe06820dca4a1ffd5dcef1d21fdfdc9171c8dd4c3201c0c2c32efaddbd9dad1fe40c8c424119dd864f2c8fea76bd6d9aaa6fb99bed736a624fdc8683f9479a0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69d09ca014e841ba136f62d2ef98c5a8 |
| SHA1 | 5ca8f7fafac90a5c642d05c3259d8f1f90b58c57 |
| SHA256 | fa38533e4623008405b603b579c9d9ae18408d106e8c9789f15ff5593eebff04 |
| SHA512 | b03a33b6477f8d56cfbf1f59b7f17ac07ca1de9a658e1162390f0d67c38e1a8232e740882649998dfe1dbdd1b0a9a973ba338827a9d19824490625cd26e2de5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be317effdd3f7def9588836301340e2c |
| SHA1 | 8d4603994a4671ce12c0a33f3178ec742a44cfe9 |
| SHA256 | f0e95d4b67ea3b01751546efb017cf719702d0ec6170d5f0e0e8e7b76d3dd5ad |
| SHA512 | 0195d93756235fcd55fbe346c5331af5ae6ad422a9d5718c43390a1bc964303918487bf6e353a66bc691a1363c075cbf8998b840039a14c95ee07281ef5d72e5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:33
Reported
2024-06-13 08:35
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a68e2aba14305a51abe995539fffc6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf5cf46f8,0x7ffbf5cf4708,0x7ffbf5cf4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1203073929644632189,8080636800524900393,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1203073929644632189,8080636800524900393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1203073929644632189,8080636800524900393,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1203073929644632189,8080636800524900393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1203073929644632189,8080636800524900393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1203073929644632189,8080636800524900393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1203073929644632189,8080636800524900393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1203073929644632189,8080636800524900393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1203073929644632189,8080636800524900393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1203073929644632189,8080636800524900393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1203073929644632189,8080636800524900393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1203073929644632189,8080636800524900393,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_4356_LQRCODNBRLIAOEZL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5655535c47ba3361863feba3e33f302b |
| SHA1 | 6eee6587d07ef9b9b881e0cf5168ec144e32bc2d |
| SHA256 | 8c702e41a18608fa22de8939caa4701d5c80dadf0fbdd9e8a719e29589a8f8b9 |
| SHA512 | b19a9f05d56774b4757c5895b70b2d3d2f63287290d08772bec50bf9c9a416771cb3c06bf5bd15a896a8881ab49713c1a6977444d1435205ec54c360f10f7e35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a93b53ef-b515-4a94-be94-385251ef4537.tmp
| MD5 | 81ddbad1b87df1f462228b716233d076 |
| SHA1 | aaff4178871bb23b37dc89cd09917bfe317cfaf8 |
| SHA256 | c3ded37a9086ea3c932e8c20d31239cf359c26546545d7ccc40518e6a2f58602 |
| SHA512 | c9abc8bd4cdb12aad6597ec6bff1c28d8b23dec284a3068ba7ede3b52a1dc6bb62ec40cdce12c7175bb1c0f9617c7962c85907a75c53170db4c387927d535b1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4b9e61e856b4e751cab5fa25ee1bc216 |
| SHA1 | 9df34239a233302da4bedd775e5de7bcbaf162b2 |
| SHA256 | 6baf3bdab21672c94d2deb6caeb478259bf0ecb4cd24ef1a844e79d7eba832d7 |
| SHA512 | 1343c6db75656b22b7a3ef0624a05b21c77887c980cca3ff67be8f307743a0b1a633acb2e34d36ea8c18f43ebdc11158b9fff82932d44f8f7c5352afd58499e0 |