Analysis Overview
SHA256
9d5baa5eb97e3b5c17eff0cd796ae1d95e4ab1d1e31ff54d536f91a1b6146c0f
Threat Level: No (potentially) malicious behavior was detected
The file a4f6e7da4f7dfd6251fcf1595bf2e768_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:59
Reported
2024-06-13 10:01
Platform
win7-20240611-en
Max time kernel
141s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424434630" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0b5b77578bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000085aa5232716158cc7ba59891df2c3deef8cfa7744ab7918ad5b03abd59d2008d000000000e800000000200002000000001023064db196b680914643e3c315f254934a8acb71c39ec345a412f97ea85b290000000a0f2eefc20b46e01ee274c95d5b73bac5ae43688855d4bfa155448f52b1409c33b0a23c40aa6cd9fa1bb491d35cd592e0b21c7d8396c06536e0096ea0ca1be9e08d6f2cc2a8d920a3e4f4920d72939a5e848a2e51ba689fc626445531c8b2a50d085e0b1d53de31757bec223c509012d4f1243b65f2f9c486f1b9b74827a3dce9c7ceeff3bd2d66c9eddc0c81700f46f40000000a1bc13b1fb8d785f3d023e632a450dcdbc5ea1230de36edd82293ef9876c77c3eeb195e8977ce6a418e097f839db7be87b110e6bb9d9f563611347b29857bdcb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000055e51bd49db0d22e607c775de78c5dceccdd7a6b9adbf1bc73c142e1ed9e76c4000000000e80000000020000200000007d6eb5acc3fc995394cf0125bafae9e0821e6c0d67d29ff690235abc8d9f29d920000000be3e5e10d6cc7e466b0121d48fe3a387e1d8ec0c225544e9f9efc71a1820eeb94000000056d3df1f0502a8b4ff90b4d0b4db338eb87de1ac6ab58b3711a58fcd796138ca04453d700eecb37aa1c5d5c9d5cb0494d6219b18b21c5e729138d7d73868e733 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9BC48DA1-296B-11EF-A43E-62EADBC3072C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2372 wrote to memory of 1944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 1944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 1944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 1944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4f6e7da4f7dfd6251fcf1595bf2e768_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | karyaprinting.com | udp |
| ID | 103.185.53.51:80 | karyaprinting.com | tcp |
| ID | 103.185.53.51:80 | karyaprinting.com | tcp |
| US | 8.8.8.8:53 | www.karyaprinting.com | udp |
| ID | 103.185.53.51:80 | www.karyaprinting.com | tcp |
| ID | 103.185.53.51:80 | www.karyaprinting.com | tcp |
| ID | 103.185.53.51:80 | www.karyaprinting.com | tcp |
| ID | 103.185.53.51:80 | www.karyaprinting.com | tcp |
| ID | 103.185.53.51:80 | www.karyaprinting.com | tcp |
| ID | 103.185.53.51:80 | www.karyaprinting.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322
| MD5 | 825b0a890b909d6f905afbd40748a3e9 |
| SHA1 | 72fa58e62196b76c4a79663805516b1869e5cd56 |
| SHA256 | 9a8a5301ab6052977a54946fd30513488a139099b14d80ed9cfe5e65996c3853 |
| SHA512 | a95d3813c1756042da1bd292711c587508029ee172ffe75d5f8e2d50928018249d888ee4cfa5204c831c3cdfba6b19322f23d5c47f1b2855b5ba585847b04ee2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322
| MD5 | 6bb872c9bcacdacf3ce87b60137b0e3e |
| SHA1 | c4357850c253cf1ad29f165537fc6e8405c1d141 |
| SHA256 | 9c234c97723cdc2312dae8c4d5ea5b25a06748ae26cc1b4bf0927c90e4c19ec2 |
| SHA512 | 8b358d93d95ce630d8cdc97c7e181e5e6ebaa88136595d1dade79d30af0947edef5d4df83ff7164a1ea047bf125463a00d212ded1991ae447969941c9a9dbbbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d2dac4d952dd986728c7e7d9d38a634 |
| SHA1 | f4143c43cc85a82c932cf2db8fa83c7a80a2dc79 |
| SHA256 | a687b3e0e2b038c5b6a43c4ad183282f62470d3fa12ea5e89acbe24ffbdf0037 |
| SHA512 | c4ade29bc9ef63f4ba0063dceeef16f14f236c3b60dba1b315d959a2842b5ab9e5bb6417229f7973c8685bba29cada31e54da9b3fc9a33bf5aff7c196ca224f8 |
C:\Users\Admin\AppData\Local\Temp\Cab472F.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4732.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4812fbe00f3b57c530d1389af070283a |
| SHA1 | a2f3589e1f5df9b7c6399a0e7477b9f5cef4eafd |
| SHA256 | dc8417acf8502f44395fd280d31888e7b2540826058b1eabeab09b38cf4879e9 |
| SHA512 | 803aa617cd265c93d5cb81bf639101b306791c6d60ae2246dc14e043cdd4f7b7b50efaa7a0b266aa7d3e312c65311e59710975f3f5bea030b9039d5a89ec2143 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6432b1749a93ccc18ebef187d67e54f2 |
| SHA1 | 2d4477e6dbf5949de237ac2fc695487cfe38b723 |
| SHA256 | e05551c505bd9ab217d9237a1f93f41ffeed8599621297d34dcef054cf86aa5e |
| SHA512 | af6b53f36c078f196c13bfb89a25614573fa7b400effea2888ec62a57cc151654e04ff92c63ec7a4adfc7feaebaf655417bfaacfbf7c0e0a24697e13cb329e56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bb001a208d079622e342bec47336b66 |
| SHA1 | efef51121137ba9e18e82451ac59fe54c4b5c512 |
| SHA256 | 83241437549e9623ae0145cc5798e16af5faa10db216817cdc3cca1442595ac7 |
| SHA512 | 74ab4f4f4f3ac1d54f1e4a985e99c731f64bf9df5eb46d3e68aba0074f0bb1116bd54918a288d477d90e1b183a0014094b97db153e16a735b6c819f48e214ae7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cbccd93538b4f5dc7922e7c88f2f8e22 |
| SHA1 | fe4f5f2f245884b38561cac23c0f6d6b5fb7f6bd |
| SHA256 | 121723dedf13c66543b9395677503f1ee02e7bca6c1643d942ec2c92717f5e0f |
| SHA512 | 9db6f730ef01367b5485c43ed25c056de8a1b3b3d48090793de120b80c594d17bd121b37ed93aa526526c18f8b50565a1016db9839906d51ed7c00e181aa8883 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d708287aeddbdabcd321dc7d3b80755 |
| SHA1 | 994f846e7e9b5cee61c89e92f0eeddb031c05c0c |
| SHA256 | e2391aca994d333cc0104041263c9b694d3c9761c8577cf5c1697c7a24545d84 |
| SHA512 | 38651561803fa17218618397472f8eb3aefcef92d3bcbb6f7f078e0429425b5c8b6b4c8360984c83aeea33518b413ac8c060e88f207e0297ccd8324ac5ba31bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d702f0bf468989b20e69f6a234840df9 |
| SHA1 | ce193b7137437350dc024dced818f6bb3dbbd863 |
| SHA256 | 63ac935fa972408115e15fff5fcbcfae83b9932e8b524558a8e50452830bbe54 |
| SHA512 | ecf76ceb91782ab62cd56942ac3318286ded5d57fa248ea4112b22522b86da9cb2a56e01ade5294f8e09caee240a8ba929c9c02a67bbe97e5fd71b54a219e428 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 838c251a8cda26782a3a04119791fac9 |
| SHA1 | a6d93c3d50f4eee80390dbd3a22b73c7f6124909 |
| SHA256 | 6e8f001d57fb41a0c7f572d220e186963f2da35a02b5ee87426f10ba4280c628 |
| SHA512 | 31f5d5af82108262bee9b72132580bf1ad0e5d573636a5275ea6f37468dc1c301c6fc1c547f906f7f8a54b47201bfd2f3db979ce0d2b03f770f91c05ba724da1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4a142c173b2f4c5ca5b85f1de5d2c37 |
| SHA1 | 21eac41a5d0c320acae219f7c155acbbad12c51c |
| SHA256 | fc15977b4adde0f613ef49104803ee7dd86bff9e41d6cef838e4064bafcef134 |
| SHA512 | 7f48e2385205245fc0c34e35b3493367d536fb7e51406e03f9aa822af9e332245bd03e24f6953b035480fd62a5758a65b3909e03171b615bf1ebd888febf81e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1936261e26d6db2c10f790899c0f5ae8 |
| SHA1 | 8d48711b30cdebfd42b082ae532f6ee9ccea244a |
| SHA256 | 288d628b468aa82636207afbd04e0e520a6ebe3c11dbab9fbe4f4433dda6d195 |
| SHA512 | 27da879398e83678382bc667607cbe3b9464a4e26dba99aabb38488277a55a4b5c9b9224a3785f033ff21e091535e78872d169d727e9bcb6ee428a04aa1eb806 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 171ebf2916671b44c1b6fafce7cd3926 |
| SHA1 | 60df5b707670e56d344291aab1b6e9e6bb3b4538 |
| SHA256 | 40c5c9337f1236abb95cede10a6af190cb5f7a337aff64bd53dc63deb3e64b91 |
| SHA512 | 47a8b25ca56e72dfa55b6a08b6cda6afba6a601db412655db090113ed7b05bc9ebb7858684cb992c16a84a6fea0e9611d48ae402746937f4a1484cc89c371f87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e0a34dda2ddd2e9dd47f21d3d3de921 |
| SHA1 | 7c19de880c0e38673914d5ae7978211f170750fd |
| SHA256 | af91fc027d231927770e5b98cd6bf07c2d3c6578fdfd7661c04b42f36020dace |
| SHA512 | 4be925e1fafd67200d06d274995c871ee771fef39c50f791d2618181ef5ccefaa2eff5f522b595751375957381a832786b6b60117b7d333dff9a6a8cb5be5519 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | edd6dbccea4ea76b0dcd4c93077e7165 |
| SHA1 | 4a20f2a19eba8106e29d0046548fe69a88d95010 |
| SHA256 | bd8d4acd3aaee38ecd722f366845c3e5028adc508adcab065f81f41fbf6b45f5 |
| SHA512 | d886e17c2d9c4005921e0f784af0fca44ddba5081a7124f01a782a272ab0222b2bc2fb7e12d2e6dca27a208cc0327d4c669bc6248ebfe59f3c0fb38a8bd8d621 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4332bbd6191d57df5d40041152bf555 |
| SHA1 | a670da0735ec5db9f93c85d30d7ba207fb0198bf |
| SHA256 | c9a31e403ba09d9303fbb1cd1cdf3c20ca5c9e9cc92373696966d92460106caf |
| SHA512 | b54b25ec34702056d2892dade30e853f630c3df8d5633bbf400fcd9edcb070d7452bb583067ca4a49fd74a1767677754026100a76a99717306ce59ab6c00652a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a981ddfde3a734abe173a9328aa6a075 |
| SHA1 | 9507dfc2d06b36c5710dc22d1bb678c3cf09966d |
| SHA256 | 13368b6622a659422d684d5fa187ba59bc11de37cd2916cb8437d5db3e4a2dad |
| SHA512 | a6eb11f1ecc447e4551bee2b7e4a7d571d608136f8062d240a017d125a9b49270b1a059b8004b701f423be87a42414789215e8c92cfcce94cbc5d2bf513b26c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0726a74855007cd2e0fce5b7618b1f1 |
| SHA1 | 04d9457c69ec5c6dca6e35b8397bc29ce75616b1 |
| SHA256 | d958a9714e96ab93f1f989f5d1ea40a8a62972e40cd5ed1b928ea946bf87a02c |
| SHA512 | 510e3cb73513f467859afbd13c2988c254a45561cad22f264bf5115a2b51bd0d5315e929a4f11bf77a568027b19897420446540565725b9e81e0d56d4a26077a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ea613a405100466c1dbb1bcfc145a71 |
| SHA1 | aac588e828cf743c8095ff05be2238f4b51eb6a0 |
| SHA256 | 80b7b7d85ef88bbc70d48fb822b5002319c576e67996b7fd13a6d49fa30156b3 |
| SHA512 | 78296b2a0d9061d2649545ee2433a0679689beb315fa967620fb6d398fe4233503dc54c6d0d5375201e53ce5ce9c5c882b67e9a557fc4b154618978a1b3c5c26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07aaebb8e031bbcfb5956132404851dd |
| SHA1 | 9346ec7458d264c63d2b39ecf491742590930ca0 |
| SHA256 | fad3bf2e0269491d6420648299336639f8a93aedbd80bf37d6273bbe58ffdd38 |
| SHA512 | e34a3508b96e064a12bc56fa3e37e8f0e92a9299bb1454d41aaafbd8425f02501d432ae0909de5531fea95fb0dc935e6ba51a2a4a06db19f0c32e2b78bb06ad1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:59
Reported
2024-06-13 10:01
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4f6e7da4f7dfd6251fcf1595bf2e768_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08d146f8,0x7ffd08d14708,0x7ffd08d14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17185249639767520205,4372889777828874275,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17185249639767520205,4372889777828874275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,17185249639767520205,4372889777828874275,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17185249639767520205,4372889777828874275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17185249639767520205,4372889777828874275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17185249639767520205,4372889777828874275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17185249639767520205,4372889777828874275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17185249639767520205,4372889777828874275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17185249639767520205,4372889777828874275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17185249639767520205,4372889777828874275,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17185249639767520205,4372889777828874275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17185249639767520205,4372889777828874275,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17185249639767520205,4372889777828874275,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1312 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | karyaprinting.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_2560_JTNHAVHXJCRTDMFJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 030b85e925f6a8a467f0d12a840140ae |
| SHA1 | dd358a0fb72c3a4a005cc5383db5d405604e01e5 |
| SHA256 | 84d1cfb314f2e9f779e8552aed8713111ee68f55052493fa61cc76f79c615492 |
| SHA512 | 16c4a3948351b45689bd3bf98c4a372cedadaec50651f80cf42c50a7a180fb0e2f5e2728b435a3ae273b9258ce05426b16cac81af4da18b1538c97278b254dd5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cf4e1855e902ed2129b3dba611f82b64 |
| SHA1 | f777f371153e8d7739c5ac89bd9db491f0f3ac0a |
| SHA256 | b16217abcea209d11ae6bdc73c6c7f80ee5b1ca268c05c66ab4e5e4cdbf97a64 |
| SHA512 | f873e68cf6ef71cb54afae85586ee1a3b41bcd508b5f1867562c2df95af389928688555d980ffd43d21728632cd638ac461ba466664dae0651e32e14086bd684 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0cfab7361b089304d9495706c91e8558 |
| SHA1 | b1d0436306a8d2621b91ad743b6d91c0c991d73a |
| SHA256 | d760238ce03607086c3d4a9a793e56ed91ff27627ac405df6986ea0063bb03e3 |
| SHA512 | e8956079882f06dd21a540afc8ff59b849ddf0c64e2ff8674681bfe051edb929b1bb6844dfc3f4828ae9958dd541485d8626fe4e2b30eb248cabab8ea1be5b97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |