Analysis Overview
SHA256
6414b7dbd3c5360142497c5510375e95870dfe331b5f4abd6626d6eb47e23185
Threat Level: No (potentially) malicious behavior was detected
The file a501b5ad3be5a32e9be8f2fded7d0846_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:08
Reported
2024-06-13 10:10
Platform
win7-20240221-en
Max time kernel
144s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c080d5b279bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DDB3A741-296C-11EF-8303-EAAAC4CFEF2E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000467e4a0fdd53146a93f9309a5f8151000000000020000000000106600000001000020000000df1e7fac65e99db8c404064f6ba980fcd5c98a10991fe26092be59b444798125000000000e8000000002000020000000fa15a7e3136573a0c0fce518e93a7b17cc6bb9e879d24e86c85aaca261ea89152000000023e8ba0a62d488a1c5e09d806fd9c590e0d0fe826705776fe8afbd5aef15c0f5400000001c2677de9467f07ad4f2595c9e91b235fa67e3b989e10430c07c3ddd3299f8b71476d9eb09e77db6666a952ff434ab82d99bcc9ac91a55b6c44834d27703c57a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435170" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1948 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1948 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1948 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1948 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a501b5ad3be5a32e9be8f2fded7d0846_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.hg2604.com | udp |
| US | 8.8.8.8:53 | www.365dushi.com | udp |
| US | 72.52.178.23:80 | www.365dushi.com | tcp |
| US | 72.52.178.23:80 | www.365dushi.com | tcp |
| US | 74.48.7.151:80 | www.hg2604.com | tcp |
| US | 74.48.7.151:80 | www.hg2604.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4444.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4554.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2997fc8c1741048074740d08948fc521 |
| SHA1 | 9dd987f0eb90a524338ac259fae8e09b7457134e |
| SHA256 | 3f1facc83a6fa0450f00edc9887b6dda174d7e481fa6126297c326a4aecb5b9d |
| SHA512 | 0e132e97bd793078d85d22e1c1c6ac446f1bc41d09f9260c03f4ca7a10290b8205664ed0abff14c3ea4f3ce402641c4c3fa907c5e5204fa911016de4216f3334 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4047ec71d87dda78734aa1af508418f1 |
| SHA1 | 6f512c770c45d28f8367773f55a9716a3dbe165f |
| SHA256 | f5760880c450ba278ca625eb1713bc3d65ddcbd5f5066260ab416d54de42ea47 |
| SHA512 | 99370ab1813afb299bf6b191bd6e3490ac835e7f7a8e4b0ee0e23835256b1546eb8fc1830163a3658e1380941bb2c244c127faa678a96b712f07db0e48811196 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ec689e23a186ed7021ea1f5c9441224 |
| SHA1 | 5d43a783055d6c3920f2e77fc80337ba4eac2e9c |
| SHA256 | 63f36b90e891ce5e91e7c58b13bc555fc5224b855da7d1621797fd53a5fe6ce3 |
| SHA512 | 64662512c29e383aa461aa0c081c35abe5fba054df63a2e163802c8a69a873ce722fb4ae2c7347f22b1828c3201d5c9cb0cb3c1f7998b26bc624fd153317a6d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a2143fde0d2af4125d75d30e5284ef6 |
| SHA1 | 4d4b53d1461487d398402da70c3a2b245ed320f9 |
| SHA256 | c4c75a12c088bc29d93ef307a6de4fdcb052aeb83102fcb241ebabb904e2f4b8 |
| SHA512 | 485b361e154e7b178f41a557800f754edb212f34f45a9613e920f5cf29d2abfd4edb9827f907bb70ae581a981a101cef2aa0dc025ca960c13f2ff3c6e066ef43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0463d3d84d9a1aa6c2550da58a7d8980 |
| SHA1 | 0f45750632d6d4f19d085c91bc92cf3d9001806a |
| SHA256 | 371c88e39ce0f9569bda1fee055fbd47d3cd7a2110776964a7ace4628b658e17 |
| SHA512 | 66cc10976fe21ba8565035a6427013e47aa9509fceed80909570acea991ff9178e15df0fd21c9c7edab856f3cc4894d36c72f7a1f50a70fc2db95b664cd9651a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4efcd7da0d3a3005127ccc0b29ee5545 |
| SHA1 | dfcf65cf1d5bcce54a20091a5eda8148edacdadc |
| SHA256 | 490820b10bfe35bce8099d1a2fc01741fe6ec4dd9e46dda4e8cc28825f048897 |
| SHA512 | 56ed449d99be14159ffab93bbaab70d997b4e0069384ea7393858d03352a4a147fee69c09fe20ba1985ccda09b4555e90f92ffa5c63493197301ceec8392e58e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 379af69061efccb257a4fd7240826245 |
| SHA1 | f4c3914d4153b082965055ace9c63787bf7cf039 |
| SHA256 | 9c8ff646d732df61bb009c9ea49ac4258f1a71486b833089e77cd214a7448d00 |
| SHA512 | 7c4da4ec18e50a0bc7876212f8df1e3828ae91de4927adb93ececb99fda2186473326865959766d061b6670ea164e00ce475290f73c15021f91aa669d6cf9d57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 260a1d286ea19b3477b2b24154a9bce7 |
| SHA1 | 2c1a55c2bdb00cb61bd823a6a9ad5eb037b3e44f |
| SHA256 | 5755d2f7ed352fa97d71d1c3f897f2ca9a2cc0fef9a1a35eceda519f6b14cab9 |
| SHA512 | 57e609bf438ae68198b0599de5a87c137299acca99c02780dbbe801fb753bd2a2d79b835805732b375264ade9f597dbeb2494dfb6d486b7cf1676055bddf764f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e84cc11a0e5aec8515f79ed0627ddedf |
| SHA1 | 299fee3892c8fbebbd5fa9d9ca2a3313bdd42138 |
| SHA256 | 119e583f7acee5c763f782d5d9c29dc325c638b41a58267c0ed3af2416954d6c |
| SHA512 | 5248e8e7b5cc612fd1f6c26dd8626d139f008316ccdbed917d8c595e8157115bb48e327395568c35159b135a7c3019d720caf624f823636a6e08da5e5a0f0e1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6eab1eb0496f597d303c40b0f1acd43 |
| SHA1 | 79b2a9d8c77527a6cad1022fb42ca2230df56250 |
| SHA256 | 1568c08d980289e54a881bdc77afc0ba72ad23b7e1cf86f2f0bdcbdbfa7a10b5 |
| SHA512 | 1a2436d479e242e423d875436af2c9059ed81c3b9b6dbd9468da63955d506eda3f4a8a9217233ed62bd74eaee7d794629b207a9f39da62fd95a5783350643dbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2df20a03db9e858f69b2d75ab8bac461 |
| SHA1 | b6ed5e29e28c72bd493c9b9ad14c2fdb7b9248df |
| SHA256 | f17b1bd35cf18d2ba826f047aae1765e21584fa1e046c98577800e330fcd001d |
| SHA512 | 632d993b216ebadbcc6a3b1bc4e0d5e18984fe3be0814ee2dd9a626c7613626812910c8d588891746cd8e3f387046e4a44e095cf8d1ba804d2943f94e4ac226f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 599dbdadec4593491eb1eb8b4dddaf0c |
| SHA1 | 71a06e2fb0336c781a3fa7ba371d2fd200b9a7a9 |
| SHA256 | ef36d8a608ba2bb2558f72050f9b8fccb80d9723d78208499b6dd8773fcc17bc |
| SHA512 | 327927e9b3f88d4e994dbb7294bffda9e5fd5dc304f60edd2fb59b00ebc8f9be2cc08f101fd3df2fbbceedff966285186db2f90ba0f91411acbbd1a3b495f96a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e2c0ec30adf070c8ecc0201842c0127 |
| SHA1 | eb4b5b9923149efc453298231d20013a0c0b655c |
| SHA256 | eb9946f8945c3f2f2a16ee219d41580dcc83c687b651b4b29f8d9384ff321e54 |
| SHA512 | f8b17301eb72533685b36132b2de0220932cf72ec8d33f948f3a70994ac0cd7d095f7555794666090faf9080ab3404831b3bbcf8864830ed144314d40f12c0fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ecca805d80a2153f6cb187c398e64fe |
| SHA1 | 914a250fbfddcbfe4d450897fcddbf0dfa01df59 |
| SHA256 | 6916beb113e44c74549ed46b86ab4cf8fa9dd9a8fe31ec587cbf19c9c5c9804e |
| SHA512 | e125d243f0c57f6d5a7ed70d269de4bd3adbad008c3d3ad6f078c15e1d43e99ce3f49de6dc8dacad381aef135e074eeaf7598081a2e85b014961ced33edc2212 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7913499002adf75efb930a4eac6c1d3d |
| SHA1 | 3f2a6a8b1e20676326c23ac86fcf9c96c1acac3d |
| SHA256 | 0d6533d235bdf6f58a4a2124dbd01d9773f73af13f3b95d4b2f17d4ce8a2bf1a |
| SHA512 | 898fb23a1b8b6844daf06d790866dffd5c11f4834b6d3952ac370ddb29c02ca87c483894760699785db196b3d9ed3515aef36cc3b1e57d74d3ce807018d8a9c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4bf8e8dbce0f20b4e9fcc769df3a3cb |
| SHA1 | 3394c334ea988334b5397eef718cbbbbb57905db |
| SHA256 | 0d8265b415473f9f582ee2befcb7feef801487fb10e21823020bea9d1bf925c7 |
| SHA512 | 2b49966381691a77867d2c83489f6380b12e925607492ba435c4632b6c126024831fe34a428b2e1b12c27c19683553dc20b46ba53422f8517ab7cdb3b192ce5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36019ee71d11c94b648ce2884bc322bd |
| SHA1 | 1bebc84758d6c60824553108940c4912bf5c88d8 |
| SHA256 | 5272e37c58e1fb0e0a96ebbae0d8529d8a9baf9dd68d864205be82131f79962c |
| SHA512 | 75984305349a8d7a7157734adac30f34531d3be9fb65675c665201186b1124793262d97d8d1dea5af1b57f4fd2e8d6a391873b8ec04be40246ec1681c5cc545f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f3b8bc24b5b94be81805eb852e65eb7 |
| SHA1 | fd7fb054e588332eb1e7af0b6d3db2bd7fb5b7bc |
| SHA256 | 67007209fe355805f17684f26c9f9b6e1741335391d9b93432ec61dbdae96510 |
| SHA512 | 1d08a0bdb11fed72137c7b248fdc9445c562b6c5693f1fd1b2528b79cee54171b4b446c56206ad1598be0a5db6d1620ef2ca2aec509485fdc6aa0d81ed7cb0f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5dfaf01b712022e92c93aa916bbb0785 |
| SHA1 | f58118cb5b6db297570ea5883debb0b5e59fb3e5 |
| SHA256 | 6e9afbec945065b41ef9631d9681bb60da19795c9784e9d2f8c2da635ed62973 |
| SHA512 | a08986ec9dc8e636b9d018809e9159bdd3db2121ea290e8f59ca5f5fbb42a346419c5a20c2b6e03260c494b1ebab06466bd18d7a4a47d6abee21516314c48095 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:08
Reported
2024-06-13 10:10
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a501b5ad3be5a32e9be8f2fded7d0846_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5487491698188572911,805625764900390683,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,5487491698188572911,805625764900390683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,5487491698188572911,805625764900390683,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487491698188572911,805625764900390683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487491698188572911,805625764900390683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,5487491698188572911,805625764900390683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,5487491698188572911,805625764900390683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487491698188572911,805625764900390683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487491698188572911,805625764900390683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487491698188572911,805625764900390683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487491698188572911,805625764900390683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5487491698188572911,805625764900390683,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.hg2604.com | udp |
| US | 8.8.8.8:53 | www.365dushi.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_4048_NTGTPWNBIQMHLVCF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5d81d03232d71a6d4a298894e3d1b029 |
| SHA1 | 3c6013838c8e4152757331797851619d05100ad2 |
| SHA256 | e34a62a47fbad8c30987f7d44a5a111ba976c6bc88a32eac574daf96b6e9f01e |
| SHA512 | 237676985320065e85f12b9cc104ee7d9e4a2ce17c94e44856f0fc3acffb7542e016293ab82ab71168e59d6434a088058f2d6d092b4089bb8723098b5059a983 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2d385f74b0f6ba6dfc32a7f2f65b60be |
| SHA1 | 8db8cc91f1ae58ef34da2b2d902d58ad79bf042b |
| SHA256 | cc2ecf0032f61b18cd5926161eaa60d5f3c401c070596e3a40b0ae6eaee21234 |
| SHA512 | dae55b90c8f83d31bef4696f38f7dd6987d81413533cca3da918c764c8abae25ee4f4d4609953fc6a6a4a8d61fc8293ca8d0f09e751de6ab76104f8148b51157 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fbecb6f367b462395821897d9e392c64 |
| SHA1 | fb783939c8db7293bbb6c9a0501892603166b7c1 |
| SHA256 | 91cb4b0c24fcfa8241b233f9b067a758d065a228c124417ca0822153bd170dd3 |
| SHA512 | da3c228a1967979e3eff5772b738618091a9bfc8267928f0c02b25b31b324afa1e62c904f95a3a03b0a120d15c52f233d6b3fc64bce60ff39e42d7988174c6ec |