Analysis Overview
SHA256
fbb964bc6a6aa841dfd978b3244b6b923ea8eae3becdc3e6968b1e6e4db69179
Threat Level: No (potentially) malicious behavior was detected
The file a4d5fda0bd45a4dd6791226af568a25e_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:24
Reported
2024-06-13 09:26
Platform
win7-20240221-en
Max time kernel
141s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20720b8c73bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000135b9829b58e1e4ab3aac45d0191b015000000000200000000001066000000010000200000001b0b95609edbc5c92b02305e89007dd0d3a9fa7a587914dfe4e173057b715622000000000e8000000002000020000000d880da9e11e14ab894ee7e4e4eb7c673b51c0285d38c710fde0422b1b9427d632000000056de6d7f387cd3608342a7eff7fa86a643cf8e02fbb0dde2e55992392743736940000000d731244fc328eaed77b8f5e75fa0de47901585fca0a955734806fb7f1e43283e3d7fbf268675c903529bb6977970a92013e86165ed2565ce938f4baf2f1f1260 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432528" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B6D93551-2966-11EF-B238-4AE872E97954} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1936 wrote to memory of 2456 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2456 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2456 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2456 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d5fda0bd45a4dd6791226af568a25e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mwola.com | udp |
| US | 162.215.248.174:80 | mwola.com | tcp |
| US | 162.215.248.174:80 | mwola.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.66.137:80 | code.jquery.com | tcp |
| US | 151.101.66.137:80 | code.jquery.com | tcp |
| US | 162.215.248.174:80 | mwola.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3C58.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3D49.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfd78c442a4e575ff914ad0e30251031 |
| SHA1 | b81dad735af88472c09bbd65cb9e9a7c453dda94 |
| SHA256 | a29c81df3c392bb4339e09a487f1e3b7a3b44a7957b12a95d888b5ef6f2bfeaa |
| SHA512 | f127b33a1697e8d0879e48f517eb1d711941a8b1468210081f5d6b6f27eb53c8ebad3094403667a41b91f3b604dd7ee137e3f45da42ae9e2148678570c24b036 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 57ea955525b62ff23d214f6805d539d8 |
| SHA1 | 58e4555a1578fc6b81e5bdcbc9d883e9544862a6 |
| SHA256 | 78fed974b6de1d338ae15e3a39f504b3a2f57caf22dcd18dab82765a6a083a75 |
| SHA512 | a8320bdb61f969454a46c909635757df28a8570a401647effc3ce4d6ff51d8fa3efa4fbbc91b66f1fda3af3518ecfd550ab89e692e43ef6f988419fbb9ba194b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92613fa5a007a789c36cccaac73f5eaf |
| SHA1 | 7a9745c1d2af43c2dcf7da68b3992c91ef9c931a |
| SHA256 | 9b383d9c2afc076a7cd6513593434634e739cae27ff1eb7e9a97a113beb91b96 |
| SHA512 | 2199820f795794493bd74ff41470fdd4f54b31864bebd904ddb4cae30ab5721ddb0f73389e02a8a151901db9160328b711757046e549cff625ae2c76481d0d22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 108ffc32018338f2ce01de8c2fc9f28d |
| SHA1 | 2689dd6f877f9a8e83adf9fe48fb19ee666c98fb |
| SHA256 | 1dc8a35c2d6cd574dff6af5040c057022b5d9cd1619f863228bcb0c42c66ae11 |
| SHA512 | bcacdfc12c67424ae5e8d72cfb0af653b14650a82bfaedcc1673175a81e56e055ce1ac60d6a98e322ee32a9f6cf6b1b9c56cf9cb8e0f5aa6dc6aeaadd2b435d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9fcf594e3e5587a35ce0fdb89f93fa5 |
| SHA1 | 7b47096dccfdc00007557b0547e8b72d32507221 |
| SHA256 | 4a5e739eae8402a15822d9ee17269602253cb33581c2dbd3c73e857e93f58224 |
| SHA512 | 56379a15b5977683be595d820785c475dcef29ce3b6ec0206d1a5396ddd19e968ca98d35377a0452c02dfa42cb0891b71c55f3a0fca823c9a24074889dec1bf0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5888c49de7c46c2d1997b7e9c0f732f4 |
| SHA1 | 1fc427a073eba4d04f4b0962cebd09b67bcdb182 |
| SHA256 | b2e120ead118cfcbb4a0dbb2b774e8079a5e0ab8eced4f14682a708630cd17b9 |
| SHA512 | 140fca5f006a6d1982ccc90812fba7a4343275c3b8ab28ddff3739ada9ee92bf57a20aa1be7c105151999a845b8d1d904d2de56bfb4199700c37066015601a4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d0c6273715eecbe5df140083c30a67f |
| SHA1 | 43fd3192996965fe886a78e9e040e1a01b722468 |
| SHA256 | 98dd512fbef82aefb0612239e980dbd2e5d08a84c8c62ffa5a88efbeaaa24ca3 |
| SHA512 | a0ed2d2c68e1f9fc0d5bda609a7c8d4de696f55a6e83d8afe5abb709b4eea58e9e1d661a6112660ccda230e3c74e0fb1a2add976771a979a97c619cf7cd4e52b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7ed0f1a00e029c08bbf94d50495c313 |
| SHA1 | bffde3f5b4eeb7b2cfb75342615f7be1b965e5b7 |
| SHA256 | 7c3d4b4549383ac8c3ab50db6f8696d09934454e4c5dddf707eb6ad52dcec84b |
| SHA512 | 5758764ddf94e779d9da115262f1ae25dcfe5bb123339c7dfd40e4ed94da4d7160501db221abbeb87059447cf319631ce5846684ace2fe477f8e10e007163a7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 485dc506e8b15135e4a0b7e5560cac31 |
| SHA1 | 78e981942441706bd01ba6a13b3f6328af2269d6 |
| SHA256 | 5b734e0207bf786518e44ac7cb2cd10afb0b0c378deaa140e7ec720ac3b51011 |
| SHA512 | 70d63c8549762686fcd1e3b2f376fbc85ddfd49fde35c9100f705c2bfd61167e357d7274aa0349c17987d63a1718fbb68e3eeee3ab091546ee62fcabfe874c26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 291823f071bea5646cedc28d55df5d5d |
| SHA1 | f3b4021e9315ea9bd653f640705ae4c5dd155ab2 |
| SHA256 | 23fe2bbe2201d33c5a51745aacaed0d56388f676944d52afce05ff14b54619fe |
| SHA512 | 2f139201a3a0f6cc721bd4d6f20189afc83a2de4960004f6ba7b7681d34b0e26505462f6209f863b10967e0fb092289a56656717f5cd35bc48f81bfb648d1169 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf85aa11ed77f286137d63a43208fc2b |
| SHA1 | c3c02f081a9653dbe87d71aae0a49f205369ef4b |
| SHA256 | e87cc21c6c5c17a8343add03effe2e52185705a740bd7bf4533b9d12b9e1d5ac |
| SHA512 | 1186cf617a8e482f02394d8c8053c11e6e604c10c4c23d6b74a34d8906f06bd7571a71a10178fd4c61c868f2af7a187c7377f9db104064c01782f2ce98d0b836 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3af113a78a126e331efdd246eba0a011 |
| SHA1 | 6f665098df87558cabede49366af8e3f015d9b05 |
| SHA256 | 44f210dbe450aaea1a34affd50d768fe404e9d924e849d7f98a4a5130bf5ef98 |
| SHA512 | 8bb0902dc4c1f2ffdce96e5fe2c282ece2cbf64f973d9a92f1960e59f160a803ef48d01797ec48c261d96d47fef9458d0a05a8568acee73c2047a5f169bf23b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3f905c040a9b74827a85cd63712c05a |
| SHA1 | a152c41391601392b6456b9ff0a4f447c2391689 |
| SHA256 | 296f68bfd8269ee4cd341f4ae46465995aa3a83d17970e96ee631d3b4e7b3346 |
| SHA512 | 0847bdb0505885c5aafaff8b8d26c80c762b18d24a990247ca733a3909b24dd408f7352f7d8051d56fef8d2fcfc2d6be5cde09042c2c314ee4c48d7a28dda3a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 669b0b096705433e1c8bc3a0f71ea119 |
| SHA1 | 93afaf07782595035308fc15ddb3d36b52f7fc01 |
| SHA256 | abf8c321a41684ac02dc0cb5dd98e2368ef45fa4182d42b5fd1bb7525453b240 |
| SHA512 | eccdd58748e6ee23799e12893e1c61944ec15cf3c4586e09564c80eca5324a484ff3067e7ed574b0dd236a14da33641df142a91160d28a6ba285848a743f47ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 982e72ec7129c12842af3b378da09d20 |
| SHA1 | dc928ca43236657409b180dfdf7139170b94a876 |
| SHA256 | d9f4c87958781e11c52921f07e4c3faacc02e7ff2718790a38d09de5b38de8db |
| SHA512 | e72f1e3c0ff4982bf34dc641956147aa744011151fdefe43c76aca3df9f28f5dd741a9b660f9f76539a27c0978acff18f9699a0970c9fb338357f414728c1af6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1233154bca03929d2f07b4c895c0a9e |
| SHA1 | 929126e4972076fe9b52cea3f8769c369f86f045 |
| SHA256 | fe6f6e8fdc677373077bc209a4b80f93629910791b7432f75b9c4ee686cc3749 |
| SHA512 | b2a58378a04a19ac2910f62aa096d2ce0df392f0d9faa082e03bc43d878544c8942ca99dd0e8d55792bf72d727ce110fdc71bde4610c2b43df43c680c536f456 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3d3678dfcc5c0d3f396d38448227564 |
| SHA1 | 7f159cc6c5268d4e235e04e85714c9a5f1552f25 |
| SHA256 | f2e85ab1b652d9f931c2a8251933348062198330a6ec3ceb159cd7f1259f61d8 |
| SHA512 | e28fd71f38aaa41a20512085346138381357fd461c7bca9251fff33756f8871e50793624637cf0edfa8e8e394d41c8aa13dcf764db043e296d3a87381a8b8ede |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c86b9227f7ab55f9239125690378f87 |
| SHA1 | 4df8a7b206d2c6e5a0b5d4aa698714c5bf5cd4f3 |
| SHA256 | b5aa0b0603828f2147644797e5e93ed6b2235395a2b1cbf93fa47b0327bba5dd |
| SHA512 | ac2b3c88022b8f1b844761f8be996bf419396d928a1e624b28d4e5bfbcc158c786626385cbfe5b2b87d7c2715ae4813a345156a2457d7948d04ad9b107ffda79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5da0556febf7afb717fc0a8d0b63b6c2 |
| SHA1 | 6f88e23275ac4706096b6f3a3d9b331e3c949575 |
| SHA256 | f2c21f9b886cce306daf641ac2c6b553b3daa13c5e6214c9f94ddbd4a2464266 |
| SHA512 | 25ec8758c1c8fc58874e7f27336924a3919052e8dc8cf3d2ffae0e680656c63c3dc1e567316a24c8bee5616e9c573090577cee20c0f55dcc1c1626c38bc2e831 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:24
Reported
2024-06-13 09:26
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d5fda0bd45a4dd6791226af568a25e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,6503352498512098313,11593750990510228933,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,6503352498512098313,11593750990510228933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,6503352498512098313,11593750990510228933,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,6503352498512098313,11593750990510228933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,6503352498512098313,11593750990510228933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,6503352498512098313,11593750990510228933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,6503352498512098313,11593750990510228933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,6503352498512098313,11593750990510228933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,6503352498512098313,11593750990510228933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,6503352498512098313,11593750990510228933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,6503352498512098313,11593750990510228933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,6503352498512098313,11593750990510228933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,6503352498512098313,11593750990510228933,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3164 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mwola.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_1416_DYQPXYEQQTQSDDQV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 321d386a572b67e9284f3013f0d90c44 |
| SHA1 | dbc1441024d022dc5fee05e00572b5dc8ab7b65c |
| SHA256 | 2726297733f9c3d4b37c06d4d9f74a8423606c4b3eea794fb6fe972995963102 |
| SHA512 | fada1820d6cb26ecc6b95607b364eefeed209962a75b5abe02e242786266242bd10b5e99cc9894100ba6be532766e376f7082dbb756b5d3701f1f342d14bc4ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ab67573186f4222ecb111f1d8a50450b |
| SHA1 | d9ae8c37bc7c5bb3162a7e03ea8a3829451bb1dd |
| SHA256 | 803d8dbe74e50b1e5655779f14e9d2dee915e6fb4e3452c07da110af3411c9a5 |
| SHA512 | 82e2e00a026838be60b6658c2dffffe497204582681ec8974f8eabb788d2a779e28cb3cbe5d781a7fca09d161033a32cf35905af181d99ca80fd27a8e9d6b934 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6f8b7b05554520e9cdcb99c8781d1d01 |
| SHA1 | 4ee0862a30363625ca9ca703b399633b253d3606 |
| SHA256 | a2f20f7070bbf6aff4d4be03f72b9049799cbdc4d6a279648a91d7321101ff9a |
| SHA512 | d43a6a45e70a18b8575f5f04b3a0cddea40138406c9be034cb06fbea03d3ceab2384dd723cea1974175109b2dcf3c5b730473fe047c1fba0fc40bb6d48eb73d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |