Analysis Overview
SHA256
c60490b21aa7f0d66f6ca4bcc8310d303cabe2f7b45443238ceadd8c9aef6e14
Threat Level: No (potentially) malicious behavior was detected
The file a4ef2b71196b35593f64a74012fe5103_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:50
Reported
2024-06-13 09:52
Platform
win7-20240611-en
Max time kernel
142s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424434082" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{551A4D51-296A-11EF-B9E1-7E2A7D203091} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0ba472b77bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000fc2ea2f6f11a2f39ef8471ab2a5ce953c3a6f391c5184e50e7ab15e230d5a052000000000e8000000002000020000000f12a82633eb8d6cba0948cd17bc6681661b70ad5ac2f87c5cf238d85180e30162000000022cbe0a2b7c5e9d45e120c4b47827e948834777ffd4b320aa5f25d628d385b51400000003d76e7d960f38ee211d56612caef724b5bba5c88ae6b1282bda5296dcac5fadc6f91798011d9e72f67dfe04349f91f3d3b71a7f8f3b3e639a851124bb1b6005f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2488 wrote to memory of 2424 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2488 wrote to memory of 2424 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2488 wrote to memory of 2424 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2488 wrote to memory of 2424 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ef2b71196b35593f64a74012fe5103_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | corporacion3d.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| FR | 18.164.52.115:80 | w.sharethis.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| FR | 18.164.52.115:80 | w.sharethis.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| FR | 18.164.52.115:443 | w.sharethis.com | tcp |
| FR | 18.164.52.115:443 | w.sharethis.com | tcp |
| FR | 18.164.52.115:443 | w.sharethis.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| FR | 18.164.52.115:443 | w.sharethis.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab284B.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar291D.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1c71b04020bc03c6ea48ffc00dc0bd0 |
| SHA1 | 2ccf42c9f15dcfec7939df7963f8a388cf21061a |
| SHA256 | 0933b6483ea0f049c46d763bb9b02cec0bbfdda06cfa2d8672c4739512507078 |
| SHA512 | d316e575e4aa4ddd940ecd594f09ccaf5adea211ea422a0c6ae9819f827a20aff124199364de8c232b3734e9fa48b9f1d5a93d5efbf6d7730bf8da92665c5a51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1f87f2f0cbe59e6ba924ce6d27e06af |
| SHA1 | 227032eaa8def8e01dd25e092ade45f2c2f4ad27 |
| SHA256 | 91b1c22566906d59af6b019c770f445411f76cf2d3bb17ade2a6799eb68a90fa |
| SHA512 | 74478b6458205c383309cdec1cdafd21c8cf5984e9880298d9cc212b951feb4195e1179747b66ba2d5b870e01db8cea85cf1f8120ba2659adf51196541a58c88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10622c2581cdb0cbd7c2d6301c225fa5 |
| SHA1 | b9cc034ce28227ad6256f33b205374adcf4ccceb |
| SHA256 | 37c004472662c113b4c1a3a8925657ea0c76f283c777195ee78bc4f521be908a |
| SHA512 | 0798051863d3ff14bb36433ed5682040762da53a56a385ba90b8cd79d618da82b0671bbed3037fbd2518e059316f31fe0981b408b4fdded6144f743b524df779 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fea251b3d6c3359426283e91bb955041 |
| SHA1 | 360134d2ff299e1b6cc0ddba540cb6e6be5d8900 |
| SHA256 | 0d917d543c33b192641088ffdc52d8222cbce2c4d305d6d956fec4d894b18cb3 |
| SHA512 | 9cc5792ce29fb42ae9f0b54a659b13e74d194482151e7b5793b36730b755d5d16fe8911ecc8147bd140a255db16b24189a802cea59b2af6587aaf2f43239ba71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6a9028bf5379c4a09a18fdf399a9750 |
| SHA1 | a7168b060cc9e611a9ca64cb2ec313a6daa4844c |
| SHA256 | 5487729a27bce857167c93ce00f75bd688bc3808391adc594c858312cf26ebfc |
| SHA512 | e5327c690b931b08f596f58202fdbe7c2b8b36915961d213bf71ffc3fbd0531398d596fec98f49e93dfc18e5354fade202e1ade498fa9c889b4370e94c1a073f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01cbb9bceccbd616a1cc7fbaef5e2067 |
| SHA1 | 08ecf8257c0c4a2c98deb084850982ac31532be5 |
| SHA256 | bf0dd0b9600f8162e55d8e040ca6d5f1f7f0d001bce06c6b6fb173af5636971e |
| SHA512 | 15a3441f954467bc6aded35a58f982fcf10cffe9f762a9762d174933623eaf8e094eed9bcd895bdd1faee59768c650b44acece64cbb7cc5928b9d0ad52185320 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f10227e7e33992360158288540ece69b |
| SHA1 | 899303c7e42eca28df515fe08883fa5db6e20e92 |
| SHA256 | c72ba79c9f5e8a6e7a0618d51296a5c3cbe8f96d9ba1cedcef8fc253836a64df |
| SHA512 | 707f55fe52b7802d73f1978dc85d37016aafed82b8157cf69156164362eab29cc77c0cfd9830d8e58d4962e994b09a0a7b30b8883519694b67f87f3696e9cffb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1acb1174e42e501e4261f18f5ed1c96 |
| SHA1 | c6521ad5196fa02315725b1e7cc3a15ddb650f92 |
| SHA256 | dc22373097c1f0fbcc65241c812d433432991be5498eddc2f0c27c14b78dd713 |
| SHA512 | 83d475512789b3dfb75e5a2173a1f71daf177929b421f80e0db9b1d6276710ececd443676a7a36a3af994c6e7c9928357f9a738fc2b2d6e6ac5c4a039ddb1511 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b44cff5e9d90b77bd2fbf5a2983b6ad7 |
| SHA1 | 9b01191455b6ac994470f31b9f4f5646a46d3d98 |
| SHA256 | c764f2b348496484ec11919442495b66bd2dfb0a151dacc0453c97b74fcd22d3 |
| SHA512 | c787422f84452427264584e51f96dc2385859f16ec4a0ab73f52dbc1a4aa2c1322932b47bc9a3e3e72dee701dc0fedf5b182c3aa07fe58dfdb6339f6816c41cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59bda148d345c398d719c0737002fdbe |
| SHA1 | b4cf5cd711894e2570693c4a0bcbff9a8946b396 |
| SHA256 | 41cc0c5bfe978944777f82275d97e23c3247223b69385e16688e3e027438d9d5 |
| SHA512 | fabec1c7cb68e2cd37ec92ae925457efe29d3a08cc0dc469dcb89709abc6542915626d9d2941deffcf8280c1a1d5ffb86fe3d87d2b4e9cf46510f18e55fe6f09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5170930868f5d1914c7882541f70f235 |
| SHA1 | a923e48a603c79c175185f255ea02f30587bf9c7 |
| SHA256 | ddae22a4210c8015b26887bbf5015ee56d2ae239a6476f9a94f1bb7989153083 |
| SHA512 | d430dac0028cb19e092d39584441f60a2c2bc0459f5921a1e9d8203cb20928187abe02b8d6fab365513168c23d09d3839fcbdf972bfdc5c539d496bf1aedce25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e9533955c423a680a35973a8c530e5b |
| SHA1 | 2b3bbdd9e2f1e8d9934f910d5cee7023133759cb |
| SHA256 | 8f43530279907fe8c0ecbc9ed453f6f1672e2800b6a06cab33277dae4545c027 |
| SHA512 | 358d6d894a919c351b97e9f47207d69270776bf7e22ce7b3e54c7834b35216d1c4c21ed081aa016be4811633596e7e69770b3777cb771474ffc256c2f6518cea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4044f19e8d7ab4d53e68541e35d7afb4 |
| SHA1 | cdb5b3981bd64b301966a3951ab889dc08d08ec5 |
| SHA256 | 0cf9d5da07154e6ecbe271415dc667d76f70535a7e534eedce8de4cda29d53e1 |
| SHA512 | c3a00888189b845a03226734151ea89c066ed90e34e9194e8ec2e39638c6a788b2ecda340269bd649d291d0b768ee9fdc58c633f0c700813e34b398ed9662447 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f67fe3e649e64c47a409e9d579609e9a |
| SHA1 | b66aaf0f66ee0007633e0368e1c5872f0ae2d9aa |
| SHA256 | e7290a4adb5b2feff9af53989db85bf0dace3e4b7e6c4a1abd448903a7af2925 |
| SHA512 | 8ae0b7e152910d409d5a5f948d84cd4684ffb4d47a4e4962ec1315c2cc5d691a2be6c2e5122126dab270ac860affe1abe7c3a492e3935a780f81745f160b325a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fcea73a468bcb681c74e49dde71d29c |
| SHA1 | 8cf9fc6d5b80a67c4b4716494afa79c6a61f381a |
| SHA256 | 330056268e543505a5d452cf4f19ced54c6a97db359366aef3394b5f7db0530f |
| SHA512 | e05b7d1ff73fe26f3fdf269cff9added057e1fc85aa81168f56c68aa15d2ab34952bc1d68500fec0201880f6126946ce19357fd118b858bc91dbbb27d312d2bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f4e277638a13dcd0fa6696102387b14 |
| SHA1 | a466e7044204b7378586d8a4fa493f6b724afbea |
| SHA256 | 4f626aaf6d146032fab563da7dd58eff7485a5f708beb042f8a418a602da8053 |
| SHA512 | d5a174cbc87140bdccca52eb545d70d5f61328fd128d4cb7f8d134841aa4679770eddea3899b024cdf0dc065e4f5711ce3ed26b83997da6c15c89da22178f30b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef1381f61d215d53aaaa47ec24e004d8 |
| SHA1 | d38821ff63937694eb5e42f1bc2f7be47af7ead0 |
| SHA256 | 7baf2c9cc61d92b236b6c1e2fa0b137594ba3af7de2b0ddc8f43e36ccb316dfc |
| SHA512 | 172c63ee8582933382a48952ea2c71383540f38209a5d6041c30591d06bd979d473dbc63bd0eab4b1dddd73774f9472ddbcf0ba6f0e2c0e306a3038b26151dcc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6e36164db54ae7715f43311f6a51a9c |
| SHA1 | 7b39adce49de73621409bb9edf8e41c5d50ac13f |
| SHA256 | c69cd32f4a2880967f5caf6e00869e16eb35596dae6bd7b934efaa60dfb8b501 |
| SHA512 | efc4bfc84f77c5daae5385f4f9488c40354ea937f94f3e95e31bedc1fada28bc03c0342850c843cc788970774592ac14ec971b02a1122280bc7f4feefa6931af |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:50
Reported
2024-06-13 09:52
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ef2b71196b35593f64a74012fe5103_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffdb7d346f8,0x7ffdb7d34708,0x7ffdb7d34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,9084044088901790872,13362237766103926181,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,9084044088901790872,13362237766103926181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,9084044088901790872,13362237766103926181,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,9084044088901790872,13362237766103926181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,9084044088901790872,13362237766103926181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,9084044088901790872,13362237766103926181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,9084044088901790872,13362237766103926181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,9084044088901790872,13362237766103926181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,9084044088901790872,13362237766103926181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,9084044088901790872,13362237766103926181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,9084044088901790872,13362237766103926181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,9084044088901790872,13362237766103926181,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5308 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | corporacion3d.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | corporacion3d.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | corporacion3d.com | udp |
| NL | 52.142.223.178:80 | N/A | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_1904_SRWREDMWXYIVDOZC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a029b34cd0d26b3807df96e33a6d05e1 |
| SHA1 | 4dfef60dd2648f971ca02e9ab7006c3265f1577b |
| SHA256 | 40d56606fdbc141a0a3708a8c73fec6ee8bee2651fd047e51d65fdfc9b638c77 |
| SHA512 | 8b105f3892b2c6818806249e2641c83af0419290e2f2aa214119801140bf9eefeade706d831e56e545ca41595046ffd173bc24977df9c6b824180b06fbad4e1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7de740341c067be945a2fdd34a5ea981 |
| SHA1 | b5202244569831b7aeffb739fb240d685569d722 |
| SHA256 | 1ec7e929f8323b9c2db043f1a4aefabe5d891844d151fa8c3c4cc0c00f18c04a |
| SHA512 | ccd5ff7ad18998fb20eae6e745fa4fe0dfbd2457dadab0266456fbd98ad45fd18cadb85ac5704e630dbc33aa0deb8506874a601b20ed1fdbb6fecf0e0333e0ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a0df969e5ffb9d00ead42683821cf38 |
| SHA1 | b7e8bda9a97a39014be4c20727d493a52e3f94e9 |
| SHA256 | 2e9782034b5d6aeb7e980eff9f4da849904040a1666966a1272b35143f07224e |
| SHA512 | fb66e95d0353c194a68f4f5a03eeb101cae6c645447c0de0267c47b685d18dd8d7ae6fdecc45cbdae3f61b92ae17a1beae8e263b7a5f83af07e2906823c9bd05 |