Analysis Overview
SHA256: 79553324dbebd9ec8f9b53ac8715ef561d2fab2139a27747c63d3b8cfa87b790
Threat Level: No (potentially) malicious behavior was detected
The file a5076e53f16c2ddc042fc79431c9bebd_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported: 2024-06-13 10:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 10:14
Reported: 2024-06-13 10:17
Platform: win7-20240611-en
Max time kernel: 144s
Max time network: 127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7C8C141-296D-11EF-8156-CE03E2754020} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0d6fdcf7abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435537" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000bdcdf20dbdaeb4a49911cd8fd41c271ad79d3841278e4459526a22f03f756d5a000000000e8000000002000020000000434ce9d37b22b872dc5c530848e117dda989806e573518a1ab2e272983075a02900000006b82b2011cdcf57669d4fdbde51cb9ea6d2ff31b524bcbc8d16a5b7684e59efbba3de593319e5988d769d055c1df142241127a7eb371a21e97aa67a575abef2836644562a323a0ccf6d9b04c246dd8ca1e4d9e4853c489286bc8e451bf7a8e29bb2329d3080f4480e823b5767d5ed037ed04bd27cbccdf16ef0ccfac79b7c4c9ca8ffed744a4fa9ee8a9bbc29d486abe40000000845e4d13c041c1ca54d0d7b33f7e7aaa22bd492bdc87b56cc21940c269505ccbe523bb26fb5b68bcf69824c8d233917a3bdc310afc8d96859492c29f215e14f0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000003a6af248e11343696ef409edd520a46b55f0c275606c953aea9ee94aeb087ae000000000e800000000200002000000041cc16b676b2880c4555617fc5282295796e894e89c0723bcb7ee7d274dae4132000000064d9f3e4de7929f76b4609e833dbe35124a634aa10dfeb8bd83ecbacadb2122240000000ca684dfb99e0d88bec5c7dc9038fbdfd3c08c7529f1befe538144a75a4bda3609ba14a6cc7603369edbcf37bfce1325b74a346454d62cbe23d35b78388ce6a52 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2236 wrote to memory of 2384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5076e53f16c2ddc042fc79431c9bebd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 27xeo.69khz.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab99C1.tmp
C:\Users\Admin\AppData\Local\Temp\Tar9A61.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (written 21 times during the run)
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-13 10:14
Reported: 2024-06-13 10:16
Platform: win10v2004-20240508-en
Max time kernel: 147s
Max time network: 150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5076e53f16c2ddc042fc79431c9bebd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb260146f8,0x7ffb26014708,0x7ffb26014718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16873877888686181756,16965407328089596389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,16873877888686181756,16965407328089596389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,16873877888686181756,16965407328089596389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16873877888686181756,16965407328089596389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16873877888686181756,16965407328089596389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,16873877888686181756,16965407328089596389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,16873877888686181756,16965407328089596389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16873877888686181756,16965407328089596389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16873877888686181756,16965407328089596389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16873877888686181756,16965407328089596389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16873877888686181756,16965407328089596389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16873877888686181756,16965407328089596389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4608 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27xeo.69khz.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (written twice during the run)
\??\pipe\LOCAL\crashpad_2176_PFBXCMWBYSAKPAHU
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (written twice during the run)
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT