Analysis Overview
SHA256
5900bff01b9ab09b3e97549e04c7baba9b7b6c34a7a0118dc7d9c00789671cae
Threat Level: No (potentially) malicious behavior was detected
The file a4eaf57e53032e815406108f7c117a23_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:46
Reported
2024-06-13 09:49
Platform
win7-20240220-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 908636a776bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000001dbaa1628111445953e6b30a0c54d51000000000200000000001066000000010000200000007b170e94c18eb1de493835e070affca964b503c9caaa2a24f50d36ea937b04d2000000000e8000000002000020000000aa7e0778dc43689e2260cce0bad166d011dd41ad03d1306796aa6f54a6a29e0f20000000b9b6f91c56a723ef336f4383dbf75f2cf6518d11b9cbcb97f2ecdeb38a61f31440000000286aaa5f6b7551c5b0f4e03a304265d2a0f2bf844887db9a56ab702ea2851998460b42ad48d370384f46e715a42c3b3ccf6bd200f2132a143f5aa9c5146a3a16 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000001dbaa1628111445953e6b30a0c54d51000000000200000000001066000000010000200000005423a984fe5df58e8a21c6b6dc445aa243e8c354ca21e2884fab0ec8dad29912000000000e80000000020000200000008f3a0127be44eea190105f9bae8f25ed014b4873037c560a7cf4c1a923283a3390000000dab350006f834f32f011fcaeedf7ef1c4c7cc31b3bb3af7441851e74e2e748063c0ad9deaa53b90f3b625f3ad06af4dee5a9e52e7a0ff2d7bc0225746256d6d87b2958a1f9c8d5cc76b1588e053984ddb447b2d90137ffcb047c21480ce1e28c613631d21739e83d8ea8dc60136abfbe2c115f75dee585c33d862d8087ef3e46ac0e70b299e4ca3838bf03d0b9a63bac4000000099fb70e675f6df70937816c25c43f9a18b7c93fae5aab648435d4e67e4b18b8ce296f4d438c9f84e8bd4cd2f22aee2ab007636bab52e81e22085d2a718df6955 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433863" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D29DF1B1-2969-11EF-A1AD-46837A41B3D6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2792 wrote to memory of 1748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2792 wrote to memory of 1748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2792 wrote to memory of 1748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2792 wrote to memory of 1748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4eaf57e53032e815406108f7c117a23_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 425-diet.workfatburnaccepting.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2243.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2353.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a5e7b72767c24282e026da51f1fd1e6 |
| SHA1 | 40cb545405f2684d68ec5931e916293d8a1d9696 |
| SHA256 | f9b22df1a688c1347df76d7ad117a47e7067782132e2aa3aaef7f1468fb29230 |
| SHA512 | a043d0a6872bf6e7e17bbe5d3c31ad006047cb8c4b4850755a050756bd5d105d28cfa006a5f99e71b9e831931ea50e491709e60007fbf745042f11cbe8717023 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3850512e64553249462805356657c8e1 |
| SHA1 | d863375048dc6768bd6df657b51be81a3c264d24 |
| SHA256 | c0f58ea58abc59d5a2a7539a35be4c22a93b0ae6a30fa702622673005d097d2b |
| SHA512 | e8fc00c622258bc06aea5148ed4b976b1135e8da2cb56db3881d64010017573808b726bbf03f81bf2b5c79630d88731e5a5916b86f7c3fd3fc392c7ead277428 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | caeb2dd7ac5f277accfa1e7b00974e8b |
| SHA1 | 8f2d51e534b2206e860480157e3379ed6a0ded03 |
| SHA256 | 22ba7d47891e20c84635ed412acf04b7b99d8effa2f0f9d9dde378952f0de809 |
| SHA512 | b261136c5df46cdae95ad9a1d4e3feff0685b7dcec08714f2c5dafb99ebc17db96675ca6d01869665bc0e1b2ae2f399e7ed7692c5b6d163153a1ab074d175f63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b23beb1abc5b2e35d9d023c6fbbae115 |
| SHA1 | 7c82524ed0db6368cad209ce663a1ef1a1cfd18e |
| SHA256 | 526e1128badd0fcd5ba54377c29c3230d13092c53d1ae49e1b661e1b91ccb324 |
| SHA512 | 180f275e545b78efac320ced7d2ee02867ff8fd8eb171aa4ba66a81f7c0e57fa3aea865ad5940712cfdccd3dd14162e8838a106ce849cbeb9a81d6b255b90b0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1344e632f1d50f72cd8dbfffbbf10ab |
| SHA1 | bc1de2f5b7c4f582a2314a667708d9c900408696 |
| SHA256 | 6c49e2f85fd97f6b9556eb53a9dfced85e94d1b8908e45591953a2f0b28a9d1a |
| SHA512 | 2cb26a6cc8f9c49dd59b3ba4f9f7dac5711c5e5f865ea52e6007d442ae618f23ed1021457918799f26028c2ed5c8c864c9643368de918225e8fdb678f66f5eb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b0143a2f5c11698d0553281c20b6ad0 |
| SHA1 | 5cc2a1067196514bdd64b743675a7d65f27b1d99 |
| SHA256 | f7e6cc49932d0a0b78df28a779779b723a270b8358539a1cd7eae068d2c7652f |
| SHA512 | c65498f0a9efa5ff36bad70025ebe5dadc8d1b1e4d071699ed2040a100646d2580d9e75f886e7294838b2920eb510087e5400396a25559813b135e1a9f27d656 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4767545706017d9f6ca99fb3c3c0b69a |
| SHA1 | 6e164472b0865d03a51b3a3f8ed9b22fe21a3a98 |
| SHA256 | e5584e1cc7320517b558e5c17cd5fc115d706f94e7ca3b9980345417533a86c9 |
| SHA512 | 97450f50d6ce5c30ff04889ab1754299bfdec585764ecb0cbd20272df550446cd2bcdc03803ef748f7ef713eeaa304840a9b85ca7cfe4122bd3f18da17267819 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f23b5caa79899a56a4023379ed1cf085 |
| SHA1 | 3ba948e0fa51c588d654bd4b794c59d89a99b0eb |
| SHA256 | df07358e0dcd77e55e04f4ef7513f6fa79e77ed07c3a35c44daf80bcc3a47b96 |
| SHA512 | 9d777eab44d59380a900c5488ba5ca6c8f41c5d08cd4bb21fc63d7309fd56a8b3c015e6f6a7516af2e9dc9a01ffbc72c8c708b24210ee813205ec1121bc6c4ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 000dc2c5b0bbec713e75052c675b631c |
| SHA1 | c8b158ff62c77f5b5bcb9c0ac4fcf99fb290fe16 |
| SHA256 | c2223bcb4a062762e0c64723b6c3b402684f608b1bf59ee5e479df449af3cf69 |
| SHA512 | 13ded3c9a797820007a3ec91fba1a5eff14540521093040410662b19316e32f55c21e8855e00acfd75acf743585f447759d9bdd70fe7d2b204bafd8e10c056f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34fcb76b0ef197dfc2dab6a67ef61895 |
| SHA1 | 219d5898055e7910015100366e7779581ed7a63b |
| SHA256 | 28dfe709c29a3f3ca56e4b8746120dbdcace383fc8b52503718ff4224387d20b |
| SHA512 | b82b0b93b9747075925650e8eaba917088c64b6fef8058cd4dee138fa1f2af8a7cc9ff257b59d145b74038aa1449787c461c1cd183ac8c3f46cb1bdc908af639 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d5ec3670fdf7619183ef7c583004beb |
| SHA1 | de8c29dff81b9ca9267299e6b7b174a921dad103 |
| SHA256 | 597365b353415aac69119b04b3927aa4509e9ed040c6785ce6e97b38c3ce6608 |
| SHA512 | 82a5a3ea8b82244b61f28c4e0950a3e827ea78d0f21e3beb5a7dc3b73565e7b50141ed03be1dbbb07e58173b9fb94463920a4f69631efae4a46f3e8f68e3e8b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99524156f35647cdba01aefc4e824ca1 |
| SHA1 | 08d9edb85686fb983fc1636224d985f1bd4b4924 |
| SHA256 | 71c9df413e526048b203d7f7269b48c3fd01cd382b0bf7b4b48eb5a122764c97 |
| SHA512 | a8c1f989c817876e31dd86b22374494a74ea9f04b20f3397ce6d7afe1cca9e325fbaff8ce337275c8c0940507a350a127e8e70e02785059dd0074efd2280fdf5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d88589fbbd6cfb6a4e95c3574171ce1c |
| SHA1 | 957855a52584f849d877924fd672b79e8fe3c1ae |
| SHA256 | 69d5ed807fe2468ef2b1bf9368702417ecf930e21fff8046e5580964caaa3d4d |
| SHA512 | 00aae88a5f465ab0d90ec064a4dbb93d04ad8280ab988d32fa07f69730980387ec6e22a2222d0e70a02e67ee87b9e794031cd022da5887336c679d9916a568e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecd4d9ab560439b786babaa5be2374cc |
| SHA1 | d780915823b06b4ae71125d50994fc68372ae4e6 |
| SHA256 | abd5bc8a623e98c8bd333fcd27f68aeb2f4288b98f658fdd857f7a4dd44207c0 |
| SHA512 | c09d82ab237545684c974fb0ce94baad0f091a714bfe381bc7a920a330a72c215e9f28ab0b046a4a2549bcb2bd4230bfd3ed010a350d31459c9393af680edfda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f65fa4d2788f3b8a40762b6db344d2f |
| SHA1 | 3cd45e94558585e7a3400fd884c58fa564d26682 |
| SHA256 | 6e97b7b05ea696e6ca81ee3e29a2d13ea31b2f789dce492a4f71fb7670b43ff8 |
| SHA512 | fcfd4e34f9bba46e30641ef02913289739d4ac4bc2b21ba43eb03adcaa6f20da1810f4b9f8fed49d118b892a1330d00929658cba827effd4d4366bdbb75722f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a9545c37d63116611df5a21762770bf |
| SHA1 | 1c9d7a63c1970fb214a40d469897c0ecb5b54da7 |
| SHA256 | f359e18e50f4e27b661e0cea1171f481f7037bac3e10598d6ef13c568ed21a25 |
| SHA512 | c1e580f0228d9064e325f87d3c73c713b2d00e5cf18b82a458ed135a9cd54ab0c910f6355cc1db136f5655db146eebda686ada47fa7058332e1047897331080d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddc509380cf756b8befc6cee3d7c9b10 |
| SHA1 | 176f5a5732489f417f48bb4ea0e7df57a6a0d0dd |
| SHA256 | 81fa3a16f7de722541625a291bbdb229e02882ad9f7ffd5da9ac56a51a6b4389 |
| SHA512 | dd8e88469eb580c97e85f46d8143e4a3b157d29e47ea7db4b090de1e8480491f290b21eb93fe7d67c6a56e80bea75e385124de67c7d5f106f0fee8e5a189f735 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f36ad8f2b4186c65656f5e593c21e496 |
| SHA1 | 9645c1be392606d5f2860f635d0143a1fe590b21 |
| SHA256 | d4f396eb65a75b1caa5f2c4d773fd843edcd494bcc15c85733eff5e4d845b0be |
| SHA512 | b04c2aa9d0b711a330a44456ca82fa2bc3bbe2aa3d4a5be09285fc9cf0ca2f43f1e88d9c5ac6d4bd8226f4cac20b299decf80e04dcd2142c9c2a350ae4d574eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cf68f24e81c34992e6b67931cbd12ab |
| SHA1 | 9687d682752a2e3ce71159e14088e60a9d85daf8 |
| SHA256 | f93ff56daa469ac9bfbb796ae8e99a352b87ac2ae0f6060639d1f7d7815a4d60 |
| SHA512 | b79d948b0a781af11ca778a2e7345cab64b3d15d4f8c47c490513c6df8608a83cd11c54867a6b9e868e7d3da12a2670b4b8ec9ea6938844b8f7fba6e5c4527c5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:46
Reported
2024-06-13 09:49
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
148s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4eaf57e53032e815406108f7c117a23_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a8ac46f8,0x7ff9a8ac4708,0x7ff9a8ac4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,15780020713507206805,8368400690810787306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 425-diet.workfatburnaccepting.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 425-diet.workfatburnaccepting.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 425-diet.workfatburnaccepting.com | udp |
| US | 8.8.8.8:53 | 425-diet.workfatburnaccepting.com | udp |
| US | 8.8.8.8:53 | 425-diet.workfatburnaccepting.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_2144_JGKGWSJIORGYEZJJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5b946169217fd23add7d88842383450b |
| SHA1 | 1c048074a885c60be4f587de7f1d63be5d2d8694 |
| SHA256 | e04a71b6c6bad0d360a6edec55e2b5c9309a4b66045fed14e94c496a6f4bd48c |
| SHA512 | 5d31254966e398482534f885f684298217ea60c5738b07f89f42c5c213d91c589604401b5ccf1c0c30ab162235bd105a0b153b823ad29b32ea0c5c4085ab11b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c4d4bd4b4a8660d3334f851f5c482b69 |
| SHA1 | af4fb6f1943a05a0e7cac68a4a2c911088570d58 |
| SHA256 | 1b010e89fe249f4e9928af7a51904672eb69f5523b382793d183250d225388a7 |
| SHA512 | b9b186440f3697996f60607bcfdbed6c5e53394440534ed2011ad5af3cf3fa753bebb49cba0e1bf632bae1b93ef8cce491cbf8951a186b2539974ed5b5500f76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0a06fbdd75fb7a10eca1010afdb24821 |
| SHA1 | b06f531abfa96403de1a8d808623d89ccd2d9198 |
| SHA256 | eb4426d2ec044a0a06beb70e9b11ab9926c64170ab5483f9335bb55cf301de9f |
| SHA512 | 956a34622a34b16eb03b53bd3d4353628bb5b794901f23ee6a037ed9bab0e949c95ce62aea79bdf6303452425a949028075509812d0ef1851aabcc0a6bb92dee |