Analysis Overview
SHA256: 39f2347e8c49663189250f1e5b4abb82ec9352ad2eba6fd8af63263f89f2562d
Threat Level: No (potentially) malicious behavior was detected
The file a4ea086a1fe11d136d71db98d7275091_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK: Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 09:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 09:45
Reported: 2024-06-13 09:48
Platform: win7-20231129-en
Max time kernel: 133s
Max time network: 127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001d0e17d82354f244bbe0d24bdc05b60f00000000020000000000106600000001000020000000e1c0cf3c46f088a1c81cf2361900caab3bf6b203136a9ce9fbc47f64d17ae3e2000000000e8000000002000020000000c18f52ed7cfaec86a7bc5e7df45a9eb2e51be0ad8381a7392b8c64b0229581fa2000000070c8739df984946be427a050c6dfe94e7fab64981149e882c26e1317a113bfc740000000a32df1add5754f3e407dd38f813d3e21adb84bbb2082f86efe6a080345a92d1d40ffd7cb6ad2afc57f314cd323c4bbb4e5770ae56a04dfd0e02ad34c8e27af2f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B4CAC821-2969-11EF-8857-46361BFF2467} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not captured) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433812" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0a6598b76bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2884 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2884 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2884 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2884 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ea086a1fe11d136d71db98d7275091_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:45
Reported
2024-06-13 09:48
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ea086a1fe11d136d71db98d7275091_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ad3946f8,0x7ff8ad394708,0x7ff8ad394718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8342861990352381868,14002095702993062705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,8342861990352381868,14002095702993062705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,8342861990352381868,14002095702993062705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8342861990352381868,14002095702993062705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8342861990352381868,14002095702993062705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8342861990352381868,14002095702993062705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8342861990352381868,14002095702993062705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8342861990352381868,14002095702993062705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8342861990352381868,14002095702993062705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8342861990352381868,14002095702993062705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8342861990352381868,14002095702993062705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8342861990352381868,14002095702993062705,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3764 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_4608_OWWLYUPJOTMWQZOL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e7a8599b42c955231d077cadd641c8ce |
| SHA1 | 78282c844a7edab6c60e5e12a9a1114223f6e0e0 |
| SHA256 | 43befb3d7f5ded5086587e01bf494f27c13ef370e76854732028a5dd2da3d84f |
| SHA512 | 38be8b74744024ffb7688ba56d46b939908601c9ac31966f6f806d94bb8b8ad1ba4a562d93a9d8c173212119775d0a7110a14cfc094cc89c7b139ffad8bba75f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bf560e390b7c3db0204177f01dbca1b6 |
| SHA1 | 0cde0bd6e5efad878349a0eb1ba6683f1a1b742f |
| SHA256 | e08f181c1291d4ccb7fba3749ca3febb9d9ba81a963c7a132affea71238353e5 |
| SHA512 | f06208582943dd8c5e170eacaae73965ab4bc084f1ba97d27d1755205cacca43220e81e06aa881333692875b5e6ee74ae10f710a5cfc6ad009c07cec0a48b760 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 45f0edeb1ab219e87839e3d4190d721c |
| SHA1 | bd8c565bad9aefb59a3d25a69bd7f2ff422822a4 |
| SHA256 | f618abfdc5d926252ad09e6a3b302abe82196b8b59a266579cc59f9bf319110d |
| SHA512 | dd3d2429cb626b2047f0c8415353d1b1193c79e753503417637d0771b857788f48e54f111634112951568cc2e0cfcdc64ab5a239c27478315f1d4319f0b2578e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |