Analysis Overview
SHA256
bc91ae945994ea39fd2b9361f9acffedc099fe1e7224e10ab70173b844444b9d
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a50758daf9f6928aaa5e7b1743d550db_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:14
Reported
2024-06-13 10:16
Platform
win7-20240611-en
Max time kernel
117s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435536" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90f2b98b7abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B6911431-296D-11EF-A155-FAD28091DCF5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000775f866b34aaec23fa2463a6eea51aa11d9aef27303f4c30dc0123723405cdb6000000000e8000000002000020000000a60f53af1c39c0fb349afe1bfd4144fdc88edbbff50b214407dcc1bfe70667af20000000ba7cef9fbe5b73367d96f5ccaa02a95c11802817423080432bdaa19047236c55400000002854815d231cc8229b37fd15a14ee1a5029eff4fbca1d108c9d6590ee1b9ae78777406ebbeb62c17e97de15ec7fe21ea4580bc00ca63a6ac66d130ab6bd4cefa | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2184 wrote to memory of 2768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50758daf9f6928aaa5e7b1743d550db_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dl20.s0fttportal37cc.name | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab7FFA.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar80BA.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f325c0bc197c84947a8e26946a68924 |
| SHA1 | e7474296f83bd6e30d4e63058e6bb09e6cd528bb |
| SHA256 | 1cece627b97c9b6cb651d691bf3c805cf14d6080bd0470e415a65c2f4fa6e835 |
| SHA512 | 49fd29bfb6646bc264a67f32da9a4598b8fd31efdcee145f2b756d05af0fdce4a4381bbeb55a34675952a20ddc434a2c1e728cee120dd70bbf646e44a14cdbaa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a984f345820e2acdd7215327f641665 |
| SHA1 | 75672012fbd5c7f3f6effc690d0b34cadae45001 |
| SHA256 | f25cbb5c2d3801e5a8f952101d98155200e0766d12adfecdb2029d87825b4f25 |
| SHA512 | 9cd8c7f01e39f38e5da336baf739e264d079f7842c6c414aa82554fd822a4fa7ebe1e0f1ab302593a7ea152ade795b8fe32eda1fbe69b4b90892996a14cb37f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c7623795e0c8533ffd1e5c1309e8fc1 |
| SHA1 | ce1ade749fdce9c40dc3d880ef04e65cac6912f2 |
| SHA256 | 679a6f816fe832abe553a450ac0ad7181b8f4f9092b997695bae12f0dca47dd3 |
| SHA512 | a03510027a7f4e045396888140637bb2c95fac1d011153fc5a08e627322b0f99f3f8c45ecfd95b5f25c8db343e7876d5cf85d877820ae47ecc7a2c5c8308260a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1fa495a8413c4ced08a43284e29a8d0b |
| SHA1 | 13bf66611ce688b7bc2ef42e5a790ffc8aca4f2a |
| SHA256 | 3bc1f9e6f2d3c500bfd7859a453d8fe7fa35d37c13aa575d6fff63e57ab6bf32 |
| SHA512 | 0dd72582aa29a87ee1eb6136527aa8acb8ac44ac28e2c76c42d06a165e4478ea815036df84bd5a3a421c065d5d584aae9d5f330564ec81eed82e62d8986c1076 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47d8707ad395119e1d7fe2a5072c3601 |
| SHA1 | a2d6a7ac4314405511411d99353acb6f942e9b1b |
| SHA256 | 7f250cfacbccf63846ba24c46fd6d6b537f31973aa42b3aeaf718f3f165df14f |
| SHA512 | 0f482997295dbd0954d3355f131ca290e370bf7d07010e9cae126e0c3accf2237420873ea692e0c5d8c68075e420b11bbdd7381dfec27f59dcb1657317f17166 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5db2bf1761bd68b7d4505c1ac810c580 |
| SHA1 | b3f922e2db84b58c3684ac7f75b8e77795fc2cb2 |
| SHA256 | 51af84f9de6c28131f500dea9bc42a9c1c0f16ac5da5160427246300baf52d97 |
| SHA512 | 5d628ab8e6edf4335e61aed0f12ac1804ff91b049019aac2374eb957544d071210e722f9c7d4b3a6f7414867a5e17e55086fc084d3ff3c33136ff8f11c02f13c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6ab26cd7bcbbf6d81f696eb18591b18 |
| SHA1 | 2687da6ce66153ea0d706d164795ae46030e1aa9 |
| SHA256 | 141fe2b6b1d4a9ae9d88ae4441bcd96f1360300f127fe95bec413443adf91663 |
| SHA512 | 461571fc0eb7f8a65505509e6a656684cdc8ce896d5c64c34da58cea677032b7b6f012d7317e8377212f1094653b091bfba9f46f9d88727f5a90dbc4d0e71024 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ae00335016b46ce57d5a1e1cfd70a95 |
| SHA1 | cdda3204a61aa2de2457da102c97cf49ef3dc577 |
| SHA256 | 58ee732bd3b39748f721aa4d8dc38ac3bbe83cfeb204563c7315dc0f23402fae |
| SHA512 | 7db9d632c55f27fb28ceef26b8794854d1f672cac18dfb1c45c307a4c971f0eb41ea03d05151fc54114ac7f82c673d3ede30324ee9ea8ab34dda3fc0591743bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa00fefe714580197c84d4a88a2cc694 |
| SHA1 | cb36e8d157e1c1c67b86439708cc5a844d20fe5f |
| SHA256 | ec78b0ffd74f40c1b4d16bb66257af65e29ab85494f4119c28d0f7348dcc29c9 |
| SHA512 | 2d36e9a4969f40799d705ee609d6c071fa9508507aa966a8fead3122fc5e3653dac585b7e4416d5065b666c4616ba8347ae65bf7c49d6b8e40d2717688104907 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b021b4624c4243a97ec46e114e39716f |
| SHA1 | 53c6d091278f1bfdde194944e58cd5ce58cf7ebd |
| SHA256 | 0a8b86b5bf7ad5e582e69b939a3387c36e2ddb804194c392d874f429ace01aec |
| SHA512 | 3d911c254667f54f0c1d5088bdc0a359f3027db9368dce769613bd6187b779e6998c13d21e5fd5971e93f4c9fc065e871d82b6ecf298d2ed894c6ecb641672b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2c109b256894a206ec1c01b778694fe |
| SHA1 | ff53c5d9b0cc904d479eeb551e9aa47df84d67dc |
| SHA256 | b1dc9e5f554437756285cf80404ccd7c4d0637f7372c89cbd9576324ee2b9a13 |
| SHA512 | 325a828e8277e89e109cdb6744928b56b25ee86ffaa3dc76b399163019b69b99d3294135b55ee36f2af48cccfcbfe0fd351b865a5826bf7c5181d7300ec1de40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9369dbc1a2455deb779f0c3308096f0d |
| SHA1 | b69fd4896c155e1a4e7eed6ab9888b32a05a1654 |
| SHA256 | 105608bbe1ccedbf384179ad4c07a8bb7d2d433c985dae66d5229baf3d481460 |
| SHA512 | 5a0a03152d5fd4a8b6fee39307cced39d58b43b9a32643bd972c60c840e381c51fb00919bac60b8ee3864d53a6389bf13c1bd75092eefc48787675151f9a0136 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 794d33b6eacdd1b6957be011bac86d31 |
| SHA1 | b73af7d3aa27054716b774b78587f2ff95f16220 |
| SHA256 | 7058f7317a2de6a9b051b35e0c2b4663f0f6cca369f9fbdc278390c37d4cc890 |
| SHA512 | 2f7e2d053f2522d61a3321d88f9e58964d73ad728cba0344b9f39482a3996dc1a7294995201e58c238ae6e7f162f80283584b57f1c3354f6d57d95f3df5cd8c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7240fd78a0ffa966e4cccd24a88e461 |
| SHA1 | 8afaa086b1aeb64ac2eafee6cc0b5921afe3f196 |
| SHA256 | cca8da496845a1dbc929cecad676bbe1bb65bf6b3046d3dcc53647891271a53d |
| SHA512 | 0204da570828fe1284b0795aa47ed1db6930149e855c370c5ca3f382a4ef5745517f91afbe53d31f3eae73ec8e9cd833afcb4d78fc06d8cd3fee479d341a3b85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d10c145587e41a6695fbffe6b8dde033 |
| SHA1 | 3ada91c426ccc5882de490dcc8c2e6a1b808929a |
| SHA256 | db2d18776920d531f780dd4d66393a8388669cf6cdb239731b78656d8cc48690 |
| SHA512 | f2e9e7ec767b33ca8885b0674ffc08c3e2b710afe5390081fe5fa0ba932248c08fe6fd63aaf5fa0168592a6b0ef201fa548f58667bd2d2f2bbc884af571e55d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee9c68c87ac78ca700a112ddc02e5e6e |
| SHA1 | 4fc2326646d2072a570f3147c58e3ea9a68ee96d |
| SHA256 | 1bfa91b46edbc16c4e855a18a48a8e8d8175557a038804b83a956754d3280011 |
| SHA512 | b737e023e18f63766d30b363ee8045a2cf195d0ece3d931965b4bf5a6deb049f5be6a674bdf593caecccb6686449859a0a3889357db3d4e7dd8fafdf010c42c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53adb9d80fb956957391ddb4eed56d7e |
| SHA1 | 10dcf5373d482d9586c4b9cf103219650863f2b2 |
| SHA256 | 87eefb69b3aa182ab73c3706f2041f338e6b487be8e6710d3f425665fce067a5 |
| SHA512 | 1190d0fcb79422a376e358a8f70bacb6f9f7a541ca3c3b9c202049866a596d2863a011b36e9154f42cfa5110f33a1723db46bf0b2e5a38ace33b68a6fd57a54b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3202be8dd7c3b6b6acd116832fa9d590 |
| SHA1 | 492619ec599c2dbb9ed86ca5d144d64ba6a95730 |
| SHA256 | e97f58a20d84a37e28e53077e6d27c5e6ac678258b295a0f2782672747ef79b1 |
| SHA512 | fe9e540553cad0e6d3fe1251c5b84f9996923be3ab3e592470ff9cd8eba31772f2febdc8459d0ac17277739aea6d20a352a45c279977998c5d3f16c0618d987d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d2d260dce6707a09a7093e62829f2a5 |
| SHA1 | fe69a61e402612ae1348b56c61e9d27dc689ab14 |
| SHA256 | a18100f48e24aa3a85776457a410b259c80e9be5993861722416b963a43c1747 |
| SHA512 | 18904ced6cff7763400b9c55358f0fbc3a2edc772cb35a4fed0f219a9e6af05848672d673504f1924c7921c02cd2d7f6b23b27c370106e7ada0c17d12f283278 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0dafd90a951f9cfed988494c849a4dbb |
| SHA1 | 08e98d6140faac47883eaa44b1b07ee17d87e734 |
| SHA256 | a9f50494ca2905214bd277134b4ca5e3de3d73068af6abdfbfab1e56edc24fa9 |
| SHA512 | 1ef8b402d5256f26ee8bc70d4fd2b0c92532595da8b4228b1c173257110cfacfd84041f3e84b0a23c55cfa2aefbdb18eb14796593ba209f1451bf23c51ac8911 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:14
Reported
2024-06-13 10:16
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50758daf9f6928aaa5e7b1743d550db_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff850fe46f8,0x7ff850fe4708,0x7ff850fe4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,7179313524089747848,14607362983862965436,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,7179313524089747848,14607362983862965436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,7179313524089747848,14607362983862965436,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7179313524089747848,14607362983862965436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7179313524089747848,14607362983862965436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,7179313524089747848,14607362983862965436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,7179313524089747848,14607362983862965436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7179313524089747848,14607362983862965436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7179313524089747848,14607362983862965436,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7179313524089747848,14607362983862965436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7179313524089747848,14607362983862965436,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,7179313524089747848,14607362983862965436,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dl20.s0fttportal37cc.name | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | dl20.s0fttportal37cc.name | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_4616_TQCEAHZUMFWVFYBD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7368663a93e5b6e312b99dfd1d2b3b08 |
| SHA1 | d030ecde37d5548cd1dce23c5567feb2e49309ce |
| SHA256 | 98e2b5699d1d5423287b70a7a793568a311ab8aa23e8f438ddf2758d7bc254a5 |
| SHA512 | 392678ba412ee207e752490fb6f44479b33717963f5ee1876c4dba1ad6fdbfaf3adc6fe666795572692e5c6317f83c7bc33000c1a7cafaad37f5e6a72224f991 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5bb28d6796f0748d0f4be3612ebac2a7 |
| SHA1 | b16d0ddeca5c535569479a80c7965650b290cdf8 |
| SHA256 | 5eed7aa3373c2e4a09192ffb93f198d91fe21532700d79ede22ca8e0b95be181 |
| SHA512 | b40e581a2fa9101670e2c90f114c9b7d715e55f7e4d5437efb28f90f27fc23d3210d4222469cbfe2ec1f6c14779d04583108fb0accf382076c376c4e1f1aa39c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7a1a2a212678ad2f69b1ec9a18274d3d |
| SHA1 | cec645a4622b9c956f8c5d5f83ea348a53e67b7e |
| SHA256 | f834542c76793a96f51b649749fe1afe4a51c0c4762329075eefaf5bba9da0a6 |
| SHA512 | 1f7d9444cf4e1f802565cfd081d9f7f49e0897f540b9afe5ee62c70dcc592bd35cd2d81acbb5322ea399ff6cd4b7c7786b6615e28eb79fa03af821cd657307ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |