Analysis Overview
SHA256
e8b140d962eeb09e71298b7abec0d07e111749b0d66a3639fefd555f6c43c9a6
Threat Level: No (potentially) malicious behavior was detected
Verdict for a503b042642c7b88e8ccff8b6bcbb85b_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:09
Reported
2024-06-13 10:12
Platform
win7-20240221-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{146F20C1-296D-11EF-8A7C-66DD11CD6629} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435262" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1740 wrote to memory of 2984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1740 wrote to memory of 2984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1740 wrote to memory of 2984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1740 wrote to memory of 2984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a503b042642c7b88e8ccff8b6bcbb85b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.lody.news | udp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | N/A | tcp |
| US | 199.59.243.226:2053 | N/A | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\Local\Temp\CabE64.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa2f51fb08e7a465165eb97c812452ea |
| SHA1 | 3c2ec851fa6ff510e92b745c574af89bf5cead1f |
| SHA256 | 64d8d3542cda12ec026c4bbacc7fc13bd746f9cdc228d6affc1dd73b2a19b9b1 |
| SHA512 | 03a2eb26470fc5f9123917fbcc09ccb2c802c9d66203c81dcae6de8977e9aacc6c0ee546c5965a5bb30c27d6b0936dfad3b7719c08becba4e6c6de20eb49be81 |
C:\Users\Admin\AppData\Local\Temp\TarB86.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarD24.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 30b75e9870f20731a41b611a15976b5e |
| SHA1 | 148ad6177f2fea1d2b570c0654bf2811761fa75b |
| SHA256 | 29ac91ec81c27242aad61f1f5bd2b068791c1f96c510d07675c03682c603977c |
| SHA512 | f4382ec2d1d553936c4f311681632ba2c295389c7593dd58342418f107932a588a4bd846c2752b70efce38abd1dfdce9fbe3bd10bbc611091826576dc5a40129 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b44e3e20568b540da7c8a81f37e9b3b |
| SHA1 | 580b582d17640eaa11b1403472a9b39f538a91be |
| SHA256 | fe5b21e8bc240cfb3ad55505f8a8c8242c7860be8d4241a198206e6abc43e9d0 |
| SHA512 | 4db76017b8a8d99380a11b9aac7dfaaddc317691fb54d823f08fe95913c98c588d63f91cb1ffca9571d063fc607e3a844cb41efe0e454877c6018f6f6cd4a04f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 771f5a7ee188e4e37e11bb82715bd43b |
| SHA1 | 4bfbe4038fd49b098c3f40c42b44b05e03918204 |
| SHA256 | 35a13bbad8ec05f7a1735d4ac59a934e750ae391e98e1643859beb05517576ec |
| SHA512 | 05cbc55d30cd1745ea55eb77eea2d6cd48397f3c4a757d9d2f968f245acf0fa03e79b35655fd75a6b901e90d1ca225e0870a1b1553991a3299b3b63388f33a1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f86e718b969a2b25f14a229d5e7375a1 |
| SHA1 | 61ace616880324322447c8459e305ef0f88897af |
| SHA256 | 2625dec4414e0b4082a29d26e5d5ab046e5d6726baf7716e85ea9503aeca38ab |
| SHA512 | d75de92f53963b4b826ba2b5581c3e80deca86f9913bba1fd522159ef94b2991aa7ee8353d56701abffce77ed4e9f15c3ea5e5a8b27f11efe780dbcec7fa20e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 634ac189479d9eb91729f65cb191d2e9 |
| SHA1 | e58fa15f7362cb8303526596046b434d953f3fad |
| SHA256 | 54e4f47b0e45f231ad5738ee9ed65fa5a4da60e97596b0f5ff558118975dbd68 |
| SHA512 | 269b5d284abc1ca3d1b66135d9e39261481b4149e40f756a7037ffed9340a14f3b500c92a591b1e52b3a3db468bf98c7bf69d19d90601a226f015eb036ecf7c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ab347535e0ce6a9077cc4eb557e6564 |
| SHA1 | f14b551ff0635d5b271443ac30b83b42d13fd4b9 |
| SHA256 | e3bab5e0a8d66c831545e368bae4f6817274b016174e033563e38f30d0e1e3a5 |
| SHA512 | 19d8b0584b5fc8fd9387f7fb9bcd58fc4f889785610a5a07720dbf6797981bd6515be3da80dab57bba596b0d3aeeea070e32d219762980fd9ca5581592bf6a34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 340699603d60e36d582b3bed88028c42 |
| SHA1 | ee7c89d265d4e9f7febbac68fd1d7644b558f6bb |
| SHA256 | fcd5649e8d7f8ba820dafbc06f43409b2d7ef39f413784ba98085e9bb18fe889 |
| SHA512 | a10253b84d493a5c771e6f825cb04e2c8e62a37bf7154d618b962b0103cd3dd92904ea8118796b143ffaf3adc2b98fd051b1751acbf390780eba7ac19ec11b54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 31214accef91eee84cebffc1c21d172a |
| SHA1 | c57ffe72de0e1dd617896401d70d99af26611d31 |
| SHA256 | cc21a96e7cd4dcbcd8cb4a98a58616f1666c4906b9062a9a90e044a1a9fefc98 |
| SHA512 | 3bb70f5ba2bc230033d9d8d2735b2ddda77498fc0bcd341e18dad8d6bb930d720496bcf01da466ef55a2c397ddfc321f4c652cb5f1859da42fbcf729f9e1dc74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac47e30ad05ef5108f9802f025e091c7 |
| SHA1 | 88f26d140526c7bdfb95c993090913ac842cc514 |
| SHA256 | 6539a2d4ebbfa2c18ee1ac0ab4cdbdc7ac9ff1eb63e2cadeef1098397f9cc938 |
| SHA512 | 3a96c9593ba0a3f6ff6b59af268012cf6d4c3e3bc0876b8e693a885b8b26db6e4aeeb11f44a46f02d2c506d8941762b33531f541cfaeddcb97367d3f0606d689 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4066aa798904e70aa9b418db3c7693fb |
| SHA1 | e303b48e04e73adc87339c4acf2243246bb6ed91 |
| SHA256 | e580888cbc695aeeb7353342a16a938fa1c078d6f65d1a39673ac0bbce14e3ed |
| SHA512 | ad1e2ef89d0c00e8f8e4ab79e77a4af492874dfd443b780ddf541d65133412e8adc9d8aede6cf54d838f22551ad892cf8e99ff1190d9be8b3e9796025c252d46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c97c2fd2ccf7a9cc1d523c7b2cec87a5 |
| SHA1 | 1058a0ff127a6bc939aff7514134b6ea91b58e50 |
| SHA256 | c71e0dc7d0f733b01a631f61bb247935407bdfc37412a5c7f2d6f36207a452de |
| SHA512 | 024307504fdb504242870b5e3912b556079e56739e60a85974eb81df248b8308e1ea8e16f6418eb1c6c96f62214139c0eecb46980564ffdaa5b9ab74af71a1cf |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:09
Reported
2024-06-13 10:12
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a503b042642c7b88e8ccff8b6bcbb85b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb53f46f8,0x7ffbb53f4708,0x7ffbb53f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14087564289465818711,11443963360185573523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14087564289465818711,11443963360185573523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,14087564289465818711,11443963360185573523,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14087564289465818711,11443963360185573523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14087564289465818711,11443963360185573523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14087564289465818711,11443963360185573523,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1396 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.lody.news | udp |
| GB | 142.250.187.202:445 | fonts.googleapis.com | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 8.8.8.8:53 | 23.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.160.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| GB | 142.250.187.202:139 | fonts.googleapis.com | tcp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| NL | 23.62.61.57:443 | www.bing.com | tcp |
| NL | 23.62.61.57:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 104.18.10.207:445 | netdna.bootstrapcdn.com | tcp |
| US | 104.18.11.207:445 | netdna.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 104.18.10.207:139 | netdna.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 199.59.243.226:2053 | www.lody.news | tcp |
| US | 8.8.8.8:53 | lody.news | udp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:445 | lody.news | tcp |
| US | 8.8.8.8:53 | onesignal.com | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lody.news | udp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 8.8.8.8:53 | stremanp.com | udp |
| NL | 139.45.197.236:445 | stremanp.com | tcp |
| US | 8.8.8.8:53 | stremanp.com | udp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 172.217.16.234:445 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.187.202:139 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.2.137:445 | code.jquery.com | tcp |
| US | 151.101.130.137:445 | code.jquery.com | tcp |
| US | 151.101.66.137:445 | code.jquery.com | tcp |
| US | 151.101.194.137:445 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 199.59.243.226:2053 | lody.news | tcp |
| US | 104.18.10.207:445 | netdna.bootstrapcdn.com | tcp |
| US | 104.18.11.207:445 | netdna.bootstrapcdn.com | tcp |
| US | 104.18.10.207:139 | netdna.bootstrapcdn.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_3112_BZEJZYRNGHOJMLQV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5310d66378fdd954dc9ac74b781289de |
| SHA1 | 233c3101fc04cdcb3e4e1782a963f5c25e35bcc1 |
| SHA256 | 8459ac4c8fc44e33abb843a44488fa0abe5f40a901267c1d80bc5003e8c953eb |
| SHA512 | 66f1660067897eca358eefd55b1a3611217c28d2645fcfb41c6ad3bec399710ff0eb95b7732144f7ae36762e672f380192ba362b32d5bc32b5fb502a728e1ee5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a373866e7877abd69bd236f6d805557d |
| SHA1 | 6f485b7c19cf6ebfe81521c634f01fab174f0500 |
| SHA256 | df6fc79cbf1fb7130f64d3712478060e107dfb70c463208179c9867ba38a7bf7 |
| SHA512 | 506464d3095a5a5aafa7bd41b2bc5ff28bc312cc1ada725601282a0d61bbdaaae0247217971b454bb326367a28f35bbc69dfad92afe021cec6a95ee0e7d28439 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c5f4b15a9f581beb407e165209f0ef41 |
| SHA1 | 259104d9dd5a8739aff2e32fc0f5c94c4fafc160 |
| SHA256 | a7ded89c5453f1ab2ffecf95ab492cac82bb9125d5069cb6bf9ff040fedc111b |
| SHA512 | 2dad3c441973f65602e0e5f5b35d4b6ab1936a763bc23e86b1a6ab4217966ee503a4e98af7edcc9202721b412e615b650854abfc1161ced45692620be25bb6d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580dc6.TMP
| MD5 | ee4cc9b21ebbc89e18b1f1dda5d1ca99 |
| SHA1 | 120db4a1a1c3fdb5e9563304cc42acc36663377d |
| SHA256 | 86c09ce2b5a481ffb34fef6f3bcf9d3438c739a0c6330a4ea279c11beec3b969 |
| SHA512 | 1a6aff7e94f58f891f257b86565aa8db97b299c061d7e48b863c9c41d8394ad7916951ec98fb5bf1dd0ee07f7801b7acd21d46f7c4a06b9e651dd28212686b38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 223ff3b7a0e42f5f8303a1d711c8cdbd |
| SHA1 | 32bb1a9decac16682b2fe0ad1f0aac2b29314fcd |
| SHA256 | 9f94a39a74eb2753feb4e341b5dece6ce38da0013ea707982c5d82a20dbd9188 |
| SHA512 | 2a7f17aa6825cf0497dfc639cf8a88c48915e20b65fba987c13d0160b60b555355f4835b232ec6ad41eef68a2fba7f91cd687cf1e7593313a5dd8886df1f2202 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8ea13c7c6fdeddceca50267ac0dca54d |
| SHA1 | dbccb87bd6fa303a50aa4d9703d7a87609467caf |
| SHA256 | fb6c9934cb7cf64187e2d3c39066a3b662f75665d3870352d25a843f0c558fb4 |
| SHA512 | 1ba4bb3ff9edf26a1761b1b7df9378fe9d2cd568f61c94839e9ed616fc749d0ff5c612eec689e4060b6cccbfef861383c4cfd740f4ec4ec9aa7395546d8967d0 |