Analysis Overview
SHA256
af1b77157b8db129c233fe63ac78ad56f8cfd880c7442fa6d00fb52da8edd58a
Threat Level: No (potentially) malicious behavior was detected
The file a4d8416b6298a499b26bab402b2270ca_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:27
Reported
2024-06-13 09:29
Platform
win7-20240611-en
Max time kernel
133s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000a91c15d561c3579d1a056f8fb9dec18c37d5cc83ba313fbc58d739c5132440ed000000000e80000000020000200000007ff3c868890bafa7309801bc776a1c3ea27f4ad07efcc5a75a52b4aaf7cf3c1720000000cee81e864913b97e0ee07f1a238eab0b34df956ac6e4c1747853e49181e29f9c40000000abcb3ab3ac39d9ae6282116f86b26221d4cf57854526d82f27a0d965eb8a0a058ec91920260eab13118842e5b29083c72db5ea311217ee943f24f9f4b0181cb6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{193F4591-2967-11EF-AAAD-627D7EE66EFE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432693" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20d734ee73bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2392 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2392 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2392 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2392 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d8416b6298a499b26bab402b2270ca_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.transformacja.net | udp |
| PL | 85.128.128.104:80 | www.transformacja.net | tcp |
| PL | 85.128.128.104:80 | www.transformacja.net | tcp |
| PL | 85.128.128.104:80 | www.transformacja.net | tcp |
| PL | 85.128.128.104:80 | www.transformacja.net | tcp |
| PL | 85.128.128.104:80 | www.transformacja.net | tcp |
| PL | 85.128.128.104:80 | www.transformacja.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:27
Reported
2024-06-13 09:29
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d8416b6298a499b26bab402b2270ca_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9053046f8,0x7ff905304708,0x7ff905304718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,9010964336924977585,12636464598484653432,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,9010964336924977585,12636464598484653432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,9010964336924977585,12636464598484653432,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,9010964336924977585,12636464598484653432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,9010964336924977585,12636464598484653432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,9010964336924977585,12636464598484653432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,9010964336924977585,12636464598484653432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,9010964336924977585,12636464598484653432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,9010964336924977585,12636464598484653432,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,9010964336924977585,12636464598484653432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,9010964336924977585,12636464598484653432,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,9010964336924977585,12636464598484653432,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5244 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.transformacja.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | www.transformacja.net | udp |
| US | 8.8.8.8:53 | www.transformacja.net | udp |
Files