Analysis Overview
SHA256
390d0811c0e43d78c4f6283a2b6c6245c71af0d186f1c07f5fee0ed52a2b8911
Threat Level: No (potentially) malicious behavior was detected
Verdict for a500605ae4eaa46b9a1f3dc15f0b23fd_JaffaCakes118 (an .html sample): no (potentially) malicious behavior was detected.
Malicious Activity Summary
Every signature listed below fired inside the browser that rendered the submitted .html (iexplore.exe in the win7 run, msedge.exe in the win10 run), not in any dropped or injected binary; the per-process detail is in the signature tables of each behavioral run.
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:06
Reported
2024-06-13 10:09
Platform
win7-20240611-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A9C3E081-296C-11EF-A381-7EE57A38E3C7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000dca84c6e6b4126a5d89325bd4c4b9068c8045a84f33f30af9503e360d2e24fa5000000000e80000000020000200000007b11cdb68c1c900831273797d47f63b557974e8370bf77cce7ed4fc51b2a63ff20000000109165a1d9e25d1df889ba04dae4bc2f9464c1b724c2d37cf6a9cc7b90fc91bc40000000eac33451bb9d85a45e96577409a93078ed34a976ad98ec535ad8fba9369ce6c1c6db401854fb9effb91461dd9c41c416e9f05dd3892ca172084e0d78da31f840 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435082" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b1be7e79bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
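The three `Set value (data)` rows in the table above are opaque as hex, but they decode into well-known Windows structures, and decoding them is how an analyst confirms they are ordinary IE state rather than a staged payload. The block below is an added example written for this report, not sandbox output: it parses `Window_Placement` as a WINDOWPLACEMENT struct, `LastProcessed` as a little-endian FILETIME and `DecayDateQueue` as a DPAPI (CryptProtectData) blob. The hex strings are copied from the table rows; the struct layouts, the DPAPI provider GUID and the CALG_* identifiers are the documented Windows values and are the only things taken from outside the page.

```python
"""Decode the binary 'Set value (data)' entries from the Internet Explorer
settings table. Added example written for this report, not sandbox output.
The hex strings are copied from the table rows; the layouts are the standard
Windows WINDOWPLACEMENT and FILETIME structures and the DPAPI (CryptProtectData)
blob header, and the CALG_* constants are the Windows CryptoAPI values."""
import struct
import uuid
from datetime import datetime, timedelta, timezone
from typing import Dict

# Main\Window_Placement, copied from the table row above.
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000")
# TabbedBrowsing\NewTabPage\LastProcessed, copied from the table row above.
LAST_PROCESSED_HEX = "d0b1be7e79bdda01"
# TabbedBrowsing\NewTabPage\DecayDateQueue, copied from the table row above
# and split into chunks only for readability.
DECAY_DATE_QUEUE_HEX = (
    "01000000" "d08c9ddf0115d1118c7a00c04fc297eb" "01000000"
    "6fb3d087c4ee9c4bb22550fd83a03905" "00000000" "02000000" "0000"
    "10660000" "00010000" "20000000"
    "dca84c6e6b4126a5d89325bd4c4b9068c8045a84f33f30af9503e360d2e24fa5"
    "00000000" "0e800000" "00020000" "20000000"
    "7b11cdb68c1c900831273797d47f63b557974e8370bf77cce7ed4fc51b2a63ff"
    "20000000"
    "109165a1d9e25d1df889ba04dae4bc2f9464c1b724c2d37cf6a9cc7b90fc91bc"
    "40000000"
    "eac33451bb9d85a45e96577409a93078ed34a976ad98ec535ad8fba9369ce6c1"
    "c6db401854fb9effb91461dd9c41c416e9f05dd3892ca172084e0d78da31f840")

DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")  # fixed in every DPAPI blob
ALG_NAMES = {0x6603: "CALG_3DES", 0x660e: "CALG_AES_128", 0x6610: "CALG_AES_256",
             0x8004: "CALG_SHA1", 0x800c: "CALG_SHA_256", 0x800e: "CALG_SHA_512"}
SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_MAXIMIZE"}


def decode_window_placement(hexdata: str) -> Dict:
    """WINDOWPLACEMENT: UINT length, UINT flags, UINT showCmd, POINT ptMin, POINT ptMax, RECT rcNormal."""
    raw = bytes.fromhex(hexdata)
    if len(raw) != 44:
        raise ValueError(f"WINDOWPLACEMENT must be 44 bytes, got {len(raw)}")
    length, flags, show_cmd, *coords = struct.unpack("<3I8i", raw)  # POINT/RECT members are signed LONGs
    if length != 44:
        raise ValueError(f"length field {length} does not match structure size")
    return {"flags": flags, "show_cmd": show_cmd,
            "show_cmd_name": SHOW_CMD.get(show_cmd, f"SW_{show_cmd}"),
            "min_position": tuple(coords[0:2]), "max_position": tuple(coords[2:4]),
            "normal_rect": tuple(coords[4:8])}  # left, top, right, bottom


def decode_filetime(hexdata: str) -> datetime:
    """Little-endian FILETIME: 100 ns ticks since 1601-01-01 00:00 UTC."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hexdata))
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def decode_dpapi_blob(hexdata: str) -> Dict:
    """Walk the CryptProtectData blob header; refuses anything without the DPAPI provider GUID."""
    raw = bytes.fromhex(hexdata)
    off = 0

    def u32() -> int:
        nonlocal off
        (v,) = struct.unpack_from("<I", raw, off)
        off += 4
        return v

    def take(n: int) -> bytes:
        nonlocal off
        chunk = raw[off:off + n]
        if len(chunk) != n:
            raise ValueError("truncated DPAPI blob")
        off += n
        return chunk

    version, provider = u32(), uuid.UUID(bytes_le=take(16))
    if version != 1 or provider != DPAPI_PROVIDER_GUID:
        raise ValueError("not a DPAPI blob")
    mk_version, master_key, flags = u32(), uuid.UUID(bytes_le=take(16)), u32()
    description = take(u32()).decode("utf-16-le").rstrip("\x00")
    alg_crypt, crypt_bits = u32(), u32()
    salt = take(u32())
    hmac_key = take(u32())
    alg_hash, hash_bits = u32(), u32()
    hmac2_key, data, sign = take(u32()), take(u32()), take(u32())
    if off != len(raw):
        raise ValueError(f"{len(raw) - off} trailing bytes after DPAPI signature")
    return {"version": version, "master_key_version": mk_version, "master_key_guid": str(master_key),
            "flags": flags, "description": description,
            "crypt_alg": ALG_NAMES.get(alg_crypt, hex(alg_crypt)), "crypt_bits": crypt_bits,
            "hash_alg": ALG_NAMES.get(alg_hash, hex(alg_hash)), "hash_bits": hash_bits,
            "salt": salt.hex(), "hmac_key": hmac_key.hex(), "hmac2_key": hmac2_key.hex(),
            "data": data, "signature": sign}


def triage_ie_values() -> Dict:
    """Decode all three values so they can be compared with the detonation window."""
    return {"window": decode_window_placement(WINDOW_PLACEMENT_HEX),
            "last_processed_utc": decode_filetime(LAST_PROCESSED_HEX),
            "dpapi": decode_dpapi_blob(DECAY_DATE_QUEUE_HEX)}


if __name__ == "__main__":
    result = triage_ie_values()
    print("Window_Placement:", result["window"])
    print("LastProcessed   :", result["last_processed_utc"].isoformat())
    print("DecayDateQueue  : DPAPI blob, master key", result["dpapi"]["master_key_guid"],
          result["dpapi"]["crypt_alg"], "/", result["dpapi"]["hash_alg"])
```

Decoded, `Window_Placement` is a maximised window (SW_MAXIMIZE) whose restored rectangle is (36, 36, 1194, 649); `LastProcessed` is 2024-06-13 10:07:27 UTC, inside this run's submitted/reported window of 10:06 to 10:09; and `DecayDateQueue` carries the DPAPI header (version 1, provider df9d8cd0-1501-11d1-8c7a-00c04fc297eb) with AES-256 encryption and a SHA-512 HMAC over 32 bytes of ciphertext. None of the three values contains code, and the DPAPI wrapping is read from the blob's own header rather than inferred.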
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1900 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1900 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1900 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1900 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a500605ae4eaa46b9a1f3dc15f0b23fd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1900 CREDAT:275457 /prefetch:2
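The four `PID 1900 wrote to memory of 2612` rows and the `SCODEF:1900` argument on the second command line describe the same event from two sides: the iexplore.exe under Program Files (PID 1900, the frame process) bootstrapping the IEXPLORE.EXE under Program Files (x86) it launched as its tab process. The block below is an added example written for this report, not sandbox code, showing the correlation an analyst would script so that these frame-to-tab writes are not read as injection: each WriteProcessMemory event is matched against the process list and the SCODEF token in the target's command line. The process records are constructed from the page; the parent PID 1900 for the tab process is an assumption implied by SCODEF, and the explorer.exe record with PID 1234 is a made-up counterexample that appears nowhere in the report.

```python
"""Classify WriteProcessMemory events from the behavioral1 run against the
process list. Added example for this report, not sandbox code. Process records
are constructed from the page: PID 1900 is the writer and PID 2612 the target
named in the four write rows (its parent PID is assumed from SCODEF:1900); the
explorer.exe record with PID 1234 is a made-up counterexample."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


PROCESSES: List[Proc] = [
    Proc(1900, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\a500605ae4eaa46b9a1f3dc15f0b23fd_JaffaCakes118.html"),
    Proc(2612, 1900, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1900 CREDAT:275457 /prefetch:2'),
    Proc(1234, None, r"C:\Windows\explorer.exe", "explorer.exe"),  # made-up counterexample
]

# (writer pid, target pid) as listed in the "Suspicious use of WriteProcessMemory" table.
WRITE_EVENTS: List[Tuple[int, int]] = [(1900, 2612)] * 4

IE_IMAGES = {"iexplore.exe"}
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")  # IE passes the frame process PID to each tab process


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def classify_write(writer: Proc, target: Proc) -> Tuple[str, str]:
    """Return (label, reason) for one WriteProcessMemory event."""
    m = SCODEF_RE.search(target.cmdline)
    if (basename(writer.image) in IE_IMAGES and basename(target.image) in IE_IMAGES
            and m and int(m.group(1)) == writer.pid):
        return "expected", f"IE frame {writer.pid} initialising tab process {target.pid} (SCODEF matches writer)"
    if target.ppid == writer.pid:
        # A parent writing into its own freshly created child is also what process
        # hollowing looks like, so it is queued for a look at the child's image.
        return "review", f"{writer.pid} writing into its own child {target.pid} ({basename(target.image)})"
    return "escalate", f"{writer.pid} writing into unrelated process {target.pid} ({basename(target.image)})"


def classify_all(events: List[Tuple[int, int]], procs: List[Proc]) -> Dict[str, List[Tuple[int, int, str]]]:
    """Bucket every event; an unknown PID is an error, not a silent skip."""
    by_pid = {p.pid: p for p in procs}
    out: Dict[str, List[Tuple[int, int, str]]] = {"expected": [], "review": [], "escalate": []}
    for writer_pid, target_pid in events:
        try:
            writer, target = by_pid[writer_pid], by_pid[target_pid]
        except KeyError as missing:
            raise ValueError(f"process list lacks PID {missing.args[0]}") from None
        label, reason = classify_write(writer, target)
        out[label].append((writer_pid, target_pid, reason))
    return out


if __name__ == "__main__":
    for label, hits in classify_all(WRITE_EVENTS, PROCESSES).items():
        for w, t, why in hits:
            print(f"{label:9} {w} -> {t}: {why}")
```

The four identical rows collapse to one explanation; the same script run over a sandbox report where the writer and target do not share the SCODEF relationship lands the event in the review or escalate bucket instead.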
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.pushedwebnews.com | udp |
| NL | 139.45.197.155:443 | static.pushedwebnews.com | tcp |
| NL | 139.45.197.155:443 | static.pushedwebnews.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2da5124f9a8bb20cf5b45f9e8d126c4f |
| SHA1 | 740e3ad4d824cbc0bb758a97ecd3050115102b28 |
| SHA256 | 96bb7752c44d21ef9ed1ff2e860ed4579d8a636909e34b1b993b532302742624 |
| SHA512 | 64143b20fcb0e7d326f2f12f3d80cfdb90adbf5eb0e4209060b8b49e4ae4dd9ba1aa16ffa05b19a0da5b0278507501e124378d411f16b0bb70e54d20ae57ed6c |
C:\Users\Admin\AppData\Local\Temp\Cab3F91.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3FA3.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1787c09b3f626fab72179ae309421d94 |
| SHA1 | d96d1223b60009c11c68e6ebf757b1ee52d86dcc |
| SHA256 | d196bbdf38c8e9fa5f122ca2fcf7d3f35e682f39d53ad945e5699c5b77f01cb0 |
| SHA512 | f0ca4f202dc9b60eb23d3a333d4905368d5fc49d876a55a958e0e94418dfa1f0aa7217cae5da756a381d7315dacca122cc11eecf2b64af6d37d16a0ffb9ca55c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 878b2583a968a230f514fd41b5a00e9d |
| SHA1 | 1553ef795ec1dd6f33aca109f9411e600f4123dc |
| SHA256 | aebffa6f58a0bf1643a07b5fb77e2135d108e6498e05d8c844d5395228e55604 |
| SHA512 | be3c9e4ce2302411cb011d7ac9724a6841c1773f2f0ab4d400199c8c7f52fe319fbc6118a7fce7c3ba6f0e29e01993d8d36ccf19d4a5c93e4ea0fcd568263235 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2193d5fa6e70ca35a7b4f9bbda63e8bd |
| SHA1 | 30a7c3e47dbc8af99dd77ab2693743128dea71ac |
| SHA256 | 0ad3175644fee2d37b67562c5cb45c1c40450bb884f666877680566ac0beeb28 |
| SHA512 | 75c21d893cecbea9f9cb9c93043fac9fe47368b74939e3aa45bf7dad4be3494e59ce26adf3cc844662afde5c065615c6720b8d827b5151709cf0d504b290db80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6eb88ad765d0549ce21b164b4adefe7d |
| SHA1 | 139f26d905478feba2a97d47a4214360ae9d2d0c |
| SHA256 | c043bd52e2e3eebbba595513d3b0315de02b82fc3fb86b7ec2d9f723c365807a |
| SHA512 | 01509a55462093020a0f87ac7fa0a2a2a37a50f11f98bd0c9e17681c1c4abf23e2caac4219ecb6379785747151caff3cede9fd750f2ce8d5e6722b0d81cad9e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6a9fecdb962f1fbe368a7d194296165 |
| SHA1 | 0e557d92510a110789c7aa3c7f00acb5a3af129a |
| SHA256 | 059da6ca1d4b5135ef2e54d665736d054f7f56a6288cd9a92fc8a61d24d95352 |
| SHA512 | b6c59ba8699bf3f891bea1fd2b9000cc7416d65097d00a7470f6db2c6f003a81b5f0933b4a542f8a032594b0f0b6936de75012dbcaecb764e39db5f1af809730 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9aeecfc487215ac5ce49a87602267463 |
| SHA1 | ba30773b4b01cc55cbe2f782fe54bfedb50dd582 |
| SHA256 | ba96aa65957b9c8a137c05858e32abbc88f08c88652c6fb91958f69d1e9f279e |
| SHA512 | 741a995882bd8a063cd73efeb2dc9737a3957f38bc17a1cf6dd2d9b77ed39baa02659519c9d6b0eac8e4fa646e1e8d7f37c5aeab189346a40b16af56aec97664 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 376940699f77ea77135f1b7671e664f8 |
| SHA1 | 94e80fe2c092fa7197e924881b893c1ef9e5fa3d |
| SHA256 | 993d7d5e22be50b507c258b60fe649e1c3a7d815c9af5e2c0fc1a9b09b5dfef6 |
| SHA512 | 71fce161b67c141a04a687670156e7106f88cca0bc3837af07baed4eae086f56349af232c86cfb4892c6fa3e1c4d5c9ba748527d53b2c76027e2626d473647d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7dd844fc6d47aa4a7a57ed23ee51b159 |
| SHA1 | b0ca590880da283479f56d2ee2e393c661067e97 |
| SHA256 | 4979b4f408eeaba5fe752d80e6791edc28ed0dad74772b18d4279805b894d539 |
| SHA512 | 6e77b44c49db4471b9ecf4985fd15a0b8d280f5f46d8b43debf6ea2298cfac5338342750d17b1438f5fe1816cceb28254c3ca8433a8a23c2731b6d16c4b0b639 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf8f29099c3d44b92bf40b3f857c81e7 |
| SHA1 | 8703799626b378af340c788d6e8882087d2a35eb |
| SHA256 | 021de9122a27ea865baba30a4ddb330c62e52b795b694bdc0535c3a5c31a2d0d |
| SHA512 | 2d8892bfb5aec412a07b8935b2f8bbb471795735489fefc247ef1a3673afb15f0efa3b3887e79dd0446fd75e19b34a2e51fb126bc6ea0a414239b77e910a367d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8243f993b37e6831085fca23d6606f67 |
| SHA1 | cbdd71e3a1eaefa45b022812e453db6e0ce21fb4 |
| SHA256 | 11e45e18d4c9c4d7651301130dccde4288f0c657a11b378c03cf405de8182c2f |
| SHA512 | 002b7dd54b00f9191482e5ab483de16a5c21154da7d40b0db62253d540f23d79f6479afb07571ec668946f05ce7f78a23e1a8bab3876f959779d9f416754a281 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a033fb1dc007b03c7901dd9f47ccc09a |
| SHA1 | 645c18e1926721dcc435929606c5d352b36f5897 |
| SHA256 | f3d6959bd632ed403712440aea444d85b54397d206e32f8dbb950a4201d0bf9f |
| SHA512 | 9bb887bba4b38ba1403c3fb24f5a408579b522b767f03e64570a428bd699ccebbf1e8940bb5b58c87a9a55d66fd36ab54da0b400239133fae8a3982da1aca4e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9213d204b818affec142aa29c7ba129c |
| SHA1 | 93d3e0517d76d4ee13cc755742413c5843976177 |
| SHA256 | 370e992461363c332a83a1305d404f31dcd863ebfb8996de6f42d98578c7545e |
| SHA512 | eb7d30ea7848dc3b7e43d87cefe85ced84812808fb5bd25ceded0439413ccbbbfd4ce3970f008baa29617b37174b84927d9415676b76ec69f8af335937a2b82b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bb6f071d57b4cc65c50a355690d9bf8 |
| SHA1 | 66fda2e4bd5e0231008190c4f23b652d3d2015c9 |
| SHA256 | bc433cd3f670ee7802f9371b7ee3468d153efb816c0ee7767aca63f37a102679 |
| SHA512 | 2b7dcb1ffae5e4205abb59c68e33bf769cb175ba5f174b985d07185f7234f39ac1b3a58d0e98e5b1934763635af4f0d53ed74a3825c71ac2f0aaba048155ee46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bf8456f0ad1af80281e613160692353 |
| SHA1 | 4a2241728cbd6f6954a35372fa1bf536480ffe57 |
| SHA256 | 4fc1935f66a2d6329caf19d94d8dd72791b3833983e03f29216661a1f96eb0e9 |
| SHA512 | 74aa2c4f31d1d9141d080b010c930b009ef9b6a5e78ff2e8ca7dbf99394cad3a0b819564371b16244073a45fa8426681bc9f1833497afb75bcbdc31ec9963998 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d79674bb95a7f4ddb8a35cd3fd4c9eb |
| SHA1 | d115197cca60c27fd196d1e2b71638b01cd36441 |
| SHA256 | c04312acb008d5d0e93517e77128ef27bc8a00b725b3a3b360add8afaec33578 |
| SHA512 | d867dfa1e25b67928652c01134f326d2cf86e19f500acbbd0876fbbe8e6cbba7f4a46c8b8031ef1bc666f3728215a45e315fe97cd11a85c963799c73f4b90973 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd5f2312f3cbba75d798092b2d650b71 |
| SHA1 | 59a7da81d30b101ca8e269fc232f27c0887729ef |
| SHA256 | 414a7886a86b9c207c992deec8aad9efe7f6e13abe8a7b873fd8e12cb9b82c53 |
| SHA512 | 0abc09d26ae9f3d2aada52e02fe79ddb2274ee0d7678c70906efac92b9e87dc51ceeb05916b4aef620d059330b3e962aadbfe02ee9732c62fd3a510b8c5cf259 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81851ec769ecb9e936c22b8c24368a13 |
| SHA1 | d4dbfc17c766798a53d83efc1a714531d83b2a46 |
| SHA256 | 1dad6b93b02d9c5cf56421f4a49bf5e02243a309cae634b03eedd4d63fbf6698 |
| SHA512 | 58d70cfbd42c858a1fa3431a1a4b8b84c7cd11bd6542a9fe036367515d82c18a8da9896ca64c649c9a01f53ba1ac9858f6e4ca705e06d4c63f82a07a2a696c83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf9eed9ce68b4e2c364e5def00b27497 |
| SHA1 | 03e8e7b3ae9ef1d2b02abc1bb2739ef22b866222 |
| SHA256 | b28277a09df2ec558428ae039d7b5711e8280c17f4f718fbd7f43d3deea530de |
| SHA512 | 383cffd20d141f80bf1e212e45b8eb855f79a16e7d67ba9e768ff6459158004a4e55398a767c76fdc779ff61570ee8d1382cd48e953c8bfe14a81b367299243c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5af32a0a1d5a515e4335878fc046a57c |
| SHA1 | 2cbb197b3545281da186301a1e476e198030026b |
| SHA256 | 1c26bed847379dcc6c6d393ee4ef9d736dd857e2e5e72498e4d2129fc8777bea |
| SHA512 | 025570bba9adb7329bf4d14b55a6639436b5164763e678a844d59c501c392aaebe789d1c84fb58379fe5d7038da028ba9407a31354690aaaa65638e4eace1909 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:06
Reported
2024-06-13 10:09
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a500605ae4eaa46b9a1f3dc15f0b23fd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80fb846f8,0x7ff80fb84708,0x7ff80fb84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10528557811517927220,9936385224628078165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10528557811517927220,9936385224628078165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10528557811517927220,9936385224628078165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10528557811517927220,9936385224628078165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10528557811517927220,9936385224628078165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10528557811517927220,9936385224628078165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10528557811517927220,9936385224628078165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10528557811517927220,9936385224628078165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10528557811517927220,9936385224628078165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10528557811517927220,9936385224628078165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10528557811517927220,9936385224628078165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10528557811517927220,9936385224628078165,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2844 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pushance.com | udp |
| US | 8.8.8.8:53 | static.pushedwebnews.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | o12zs3u2n.com | udp |
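Both detonations' Network tables mix the lookups the page itself triggered with sandbox and OS background traffic, and the win10 table records only DNS queries, no TCP sessions. The block below is an added example written for this report, not part of the sandbox output: it rebuilds the rows of both tables, tolerates the mDNS row as it appears in the raw report with its Domain column missing, drops background traffic (the reverse lookup of the resolver, mDNS multicast and IE's own ieonline.microsoft.com check) and returns the remaining hosts with the runs and endpoints that saw them. The rows are copied from the page; the noise rules and the low-priority CDN tag for code.jquery.com are this example's assumptions.

```python
"""Build a hunt list from the two Network tables. Added example for this
report. ROWS_WIN7 / ROWS_WIN10 are the table rows copied from the page (the
mDNS row in the shape the raw report gives it); the noise rules and the CDN
tag are this example's assumptions, not report output."""
from typing import Dict, List, Optional

ROWS_WIN7 = """
| US | 8.8.8.8:53 | static.pushedwebnews.com | udp |
| NL | 139.45.197.155:443 | static.pushedwebnews.com | tcp |
| NL | 139.45.197.155:443 | static.pushedwebnews.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""
ROWS_WIN10 = """
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pushance.com | udp |
| US | 8.8.8.8:53 | static.pushedwebnews.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | o12zs3u2n.com | udp |
"""

PROTOS = {"tcp", "udp"}
MDNS_HOSTS = {"224.0.0.251", "ff02::fb"}
NOISE_DOMAINS = {"ieonline.microsoft.com"}  # assumption: IE's own online check, not page-driven
CDN_DOMAINS = {"code.jquery.com"}           # assumption: well-known CDN, low hunt value


def parse_rows(text: str) -> List[Dict]:
    """Parse '| Country | Destination | Domain | Proto |' rows; repairs a row whose Domain cell is missing."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        if proto not in PROTOS and domain in PROTOS:  # columns shifted left: no Domain value
            domain, proto = "", domain
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "host": host, "port": int(port),
                     "domain": domain if domain not in ("", "N/A") else None, "proto": proto})
    return rows


def is_background(row: Dict) -> bool:
    dom: Optional[str] = row["domain"]
    if row["host"] in MDNS_HOSTS:
        return True
    if dom is not None and (dom.endswith(".in-addr.arpa") or dom in NOISE_DOMAINS):
        return True
    return False


def build_hunt_list(runs: Dict[str, List[Dict]]) -> Dict[str, Dict]:
    """Key by domain (or bare IP when there is none); DNS rows prove resolution, not contact."""
    hunt: Dict[str, Dict] = {}
    for run, rows in runs.items():
        for row in rows:
            if is_background(row):
                continue
            key = row["domain"] or row["host"]
            entry = hunt.setdefault(key, {"runs": set(), "endpoints": set(), "dns_only": True,
                                          "tag": "cdn" if key in CDN_DOMAINS else "hunt"})
            entry["runs"].add(run)
            if row["port"] == 53 and row["proto"] == "udp":
                continue  # the destination is the resolver, not the host being hunted
            entry["endpoints"].add((row["host"], row["port"], row["proto"]))
            entry["dns_only"] = False
    return hunt


if __name__ == "__main__":
    result = build_hunt_list({"win7": parse_rows(ROWS_WIN7), "win10": parse_rows(ROWS_WIN10)})
    for name in sorted(result):
        e = result[name]
        print(f"{e['tag']:4} {name:28} runs={sorted(e['runs'])} dns_only={e['dns_only']} "
              f"endpoints={sorted(e['endpoints'])}")
```

Run on the two tables, static.pushedwebnews.com is the only host seen in both detonations and the only one with a completed TLS session (139.45.197.155:443 in the win7 run); pushance.com and o12zs3u2n.com were resolved by Edge but no connection to them is listed, so they are DNS-only indicators worth a retrospective search rather than a confirmed contact.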
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_3288_BSKJHMCSTDLJPVWG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9ed346c805f46f3b83323f445a6d294e |
| SHA1 | 529d0675a1a9f06331866a88807404034f9659fe |
| SHA256 | ba869cb01baa5c92ead0dcc92f96b4e79324d67284dc39f7960092583908b024 |
| SHA512 | 4f0c7c3236253ce4f5c7fb87cd769528cee9d37ddd1e7d72628fba7d704ea8c2e0a4a96ee4b9f9bff3d4a6a8bd732cbf14b084aff0799761edf8586d5d63a547 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8ba64cf2933d762790eb37f2e413dd98 |
| SHA1 | 522828807a53cb421462f433f85fcbe1d95336aa |
| SHA256 | 82d4cc60b7ae4b90105736bc416276013432e78ad0ff32475285fa7600010c20 |
| SHA512 | 7ff71b2b4bba10bc791f3ee14e581ae8c2cbab71e1ab6c837d1bc6b83d70ea7e27eb4956b8249a3d9b194a4406f8fca37161d0357dd041c6a5a3befb7a4b144f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |