Analysis Overview
SHA256
670c749e5b3d469548f0b76b8dd6c0334a9caac3135d79063ab95f611252f08f
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a5096557b1538e1f82ada4c0eb7b8a1c_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:16
Reported
2024-06-13 10:19
Platform
win7-20240611-en
Max time kernel
138s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000007a71e4bbcdb6e41394b12ee58022fc261228149d7bf9d7a94bd89ec671d8577b000000000e800000000200002000000064e942b839777cb32ede48f06abef40d82010197be721372d0a284e2afff726d200000003e843068d6fb01b3140bc7951680574e54bec7bb9474303265c21433d0b9fe77400000000daed35cbeda82ab82651c4763d08948f2a45172a8b028a9effe7bdb947144f32ed1064ca07289b15b9bdafe003c2d25b55392b35414dfabf42e831988d9eac7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000050adee17901e3f3ae4026eb3cde7d7630d80dd77d7744d4fa47169823d815260000000000e8000000002000020000000caecf5029657ad081240a6d95a2dee74fe9f79f552e3b78216987fa47e809b6d900000006c5d4216ee05631736653a67fd646d6828d3922180914ca94a5f4dfa4938fdd1e545748d7bfa19dafc33244c4789d4e9d24608f02178e94a2564acac67da2f1e76f59a73ce15793f5f7f783b5f75eb542f32a175aa4adfd09f8cc4d5e3453b4b32536bb23f12923d4751c9b3e9d549b65ba5ea5a79fc332bf09e6c623da991274296d55551093a01c1ca52638bfd05e140000000435b3cfdb8bd733e1e03c126e375a35a2fd685d9a1646e0b518560b43a3bbba82e3ab65f15498375b0409e798825c33074439560d3661dbd60dd069444ab867d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435660" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{01AB5611-296E-11EF-A85D-46C1B5BE3FA8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0951bd77abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
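Two of the "Set value (data)" rows above, TabbedBrowsing\NewTabPage\DecayDateQueue and TabbedBrowsing\NewTabPage\MFV, are not readable settings but DPAPI (CryptProtectData) blobs: both begin with version 1 followed by the DPAPI provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb, so their content is encrypted under the sandbox user's master key and cannot be read back from the report. The parser below is an added example, not part of the sandbox report or of any tool it names: it recognises such blobs and walks the public DPAPI blob layout to extract the master-key GUID, cipher and hash algorithm, and the salt, ciphertext and HMAC sizes, using the hex exactly as printed in the table. Main\Window_Placement is included to show an ordinary binary value being rejected (its first DWORD is the 44-byte WINDOWPLACEMENT length, not a DPAPI version). The field names are mine; the CALG_* constants are from wincrypt.h.

```python
"""Recognise and dissect DPAPI (CryptProtectData) blobs found in sandbox registry rows.

Added example. The three hex values below are copied verbatim from the
"Modifies Internet Explorer settings" table of this report.
"""
import struct
import uuid

# Every DPAPI blob carries this provider GUID right after the 4-byte version field (= 1).
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")

# CALG_* identifiers (wincrypt.h) that DPAPI commonly selects.
CALG_NAMES = {
    0x6603: "CALG_3DES",
    0x6610: "CALG_AES_256",
    0x8004: "CALG_SHA1",
    0x800E: "CALG_SHA_512",
}

REGISTRY_VALUES = {  # value name -> hex as printed in the report
    r"TabbedBrowsing\NewTabPage\DecayDateQueue": "01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000007a71e4bbcdb6e41394b12ee58022fc261228149d7bf9d7a94bd89ec671d8577b000000000e800000000200002000000064e942b839777cb32ede48f06abef40d82010197be721372d0a284e2afff726d200000003e843068d6fb01b3140bc7951680574e54bec7bb9474303265c21433d0b9fe77400000000daed35cbeda82ab82651c4763d08948f2a45172a8b028a9effe7bdb947144f32ed1064ca07289b15b9bdafe003c2d25b55392b35414dfabf42e831988d9eac7",
    r"TabbedBrowsing\NewTabPage\MFV": "01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000050adee17901e3f3ae4026eb3cde7d7630d80dd77d7744d4fa47169823d815260000000000e8000000002000020000000caecf5029657ad081240a6d95a2dee74fe9f79f552e3b78216987fa47e809b6d900000006c5d4216ee05631736653a67fd646d6828d3922180914ca94a5f4dfa4938fdd1e545748d7bfa19dafc33244c4789d4e9d24608f02178e94a2564acac67da2f1e76f59a73ce15793f5f7f783b5f75eb542f32a175aa4adfd09f8cc4d5e3453b4b32536bb23f12923d4751c9b3e9d549b65ba5ea5a79fc332bf09e6c623da991274296d55551093a01c1ca52638bfd05e140000000435b3cfdb8bd733e1e03c126e375a35a2fd685d9a1646e0b518560b43a3bbba82e3ab65f15498375b0409e798825c33074439560d3661dbd60dd069444ab867d",
    r"Main\Window_Placement": "2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000",
}


def _u32(buf: bytes, off: int):
    return struct.unpack_from("<I", buf, off)[0], off + 4


def _counted(buf: bytes, off: int):
    """Read a little-endian DWORD length followed by that many bytes."""
    n, off = _u32(buf, off)
    if off + n > len(buf):
        raise ValueError("length field runs past the end of the blob")
    return buf[off:off + n], off + n


def is_dpapi_blob(data: bytes) -> bool:
    return (len(data) >= 20
            and struct.unpack_from("<I", data, 0)[0] == 1
            and uuid.UUID(bytes_le=data[4:20]) == DPAPI_PROVIDER_GUID)


def parse_dpapi_blob(data: bytes) -> dict:
    """Walk the fixed DPAPI blob layout and return its header fields (nothing is decrypted)."""
    if not is_dpapi_blob(data):
        raise ValueError("not a DPAPI blob (bad version or provider GUID)")
    off = 20
    mk_version, off = _u32(data, off)
    mk_guid = uuid.UUID(bytes_le=data[off:off + 16])   # which user master key protects it
    off += 16
    flags, off = _u32(data, off)
    description, off = _counted(data, off)             # UTF-16LE, NUL-terminated
    alg_crypt, off = _u32(data, off)
    alg_crypt_bits, off = _u32(data, off)
    salt, off = _counted(data, off)
    hmac_key, off = _counted(data, off)                # "strong" field, usually empty
    alg_hash, off = _u32(data, off)
    alg_hash_bits, off = _u32(data, off)
    hmac_salt, off = _counted(data, off)
    ciphertext, off = _counted(data, off)
    signature, off = _counted(data, off)               # HMAC over the blob
    return {
        "master_key_version": mk_version,
        "master_key_guid": str(mk_guid),
        "flags": flags,
        "description": description.decode("utf-16-le").rstrip("\x00"),
        "cipher": CALG_NAMES.get(alg_crypt, hex(alg_crypt)),
        "cipher_bits": alg_crypt_bits,
        "hash": CALG_NAMES.get(alg_hash, hex(alg_hash)),
        "hash_bits": alg_hash_bits,
        "salt_len": len(salt),
        "hmac_key_len": len(hmac_key),
        "hmac_salt_len": len(hmac_salt),
        "ciphertext_len": len(ciphertext),
        "signature_len": len(signature),
        "trailing_bytes": len(data) - off,   # 0 when the layout consumed the whole value
    }


def triage_registry_values(values=REGISTRY_VALUES) -> dict:
    """Classify each binary registry value as a DPAPI blob (with parsed header) or plain data."""
    out = {}
    for name, hexdata in values.items():
        raw = bytes.fromhex(hexdata)
        if is_dpapi_blob(raw):
            out[name] = ("dpapi", parse_dpapi_blob(raw))
        else:
            out[name] = ("plain", {"len": len(raw)})
    return out


if __name__ == "__main__":
    for name, (kind, info) in triage_registry_values().items():
        print(f"{name}: {kind} {info}")
```

Both blobs resolve to the same master-key GUID, which is what you expect when the browser itself writes its own protected state for the logged-on user; a DPAPI blob written under a different user's master key, or one that fails the length walk, is the case worth a second look.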
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2460 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2460 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2460 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2460 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5096557b1538e1f82ada4c0eb7b8a1c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
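The four WriteProcessMemory rows and the two command lines above fit together: PID 2460 is the 64-bit iexplore.exe frame process that opened the sample, and the 32-bit IEXPLORE.EXE tab process it spawned carries that same PID in its SCODEF argument, which is how IE's tab processes name their frame. A frame process writing into its own tab process is the browser's normal process setup, not injection into an unrelated process. The check below is an added example, not part of the report: it pairs each WriteProcessMemory row with the target binary's command line and only flags writes whose SCODEF does not name the writer or whose target is not an IE binary. The rows and command lines are copied from this report; the last WriteProcessMemory row (a write into svchost.exe) is constructed to show a flagged case.

```python
"""Pair WriteProcessMemory events with the IE tab-process command line (added example)."""
import re
from collections import Counter

# Lower-case paths of the IE frame/tab binaries in this sandbox.
IE_BINARIES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

# Process list as printed in the report: (image path, command line). The report prints no
# PIDs for the processes themselves; they only appear inside the WriteProcessMemory rows
# and in the tab process's SCODEF argument.
PROCESSES = [
    (r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5096557b1538e1f82ada4c0eb7b8a1c_JaffaCakes118.html'),
    (r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2'),
]

# Signature rows: (description, writing process, target process).
# The first four are the report's rows; the fifth is constructed for illustration.
WPM_ROWS = [
    ("PID 2460 wrote to memory of 1996", r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
    ("PID 2460 wrote to memory of 1996", r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
    ("PID 2460 wrote to memory of 1996", r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
    ("PID 2460 wrote to memory of 1996", r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
    ("PID 2460 wrote to memory of 3120", r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Windows\System32\svchost.exe"),   # constructed: not in the report
]

DESC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def frame_pids_by_tab_target(processes):
    """Map each tab binary (lower-case path) to the frame PIDs named in its SCODEF argument."""
    out = {}
    for path, cmdline in processes:
        m = SCODEF_RE.search(cmdline)
        if m:
            out.setdefault(path.lower(), set()).add(int(m.group(1)))
    return out


def classify_wpm(rows=WPM_ROWS, processes=PROCESSES):
    """Return (writer_pid, target_pid, verdict) per row.

    ie-frame-to-tab       writer and target are IE binaries and the tab's SCODEF names the writer
    ie-to-ie-unexplained  both IE, but no tab command line ties the target to this writer
    cross-process-write   writer or target is not an IE binary: review the target
    """
    scodef = frame_pids_by_tab_target(processes)
    results = []
    for desc, writer, target in rows:
        m = DESC_RE.search(desc)
        if not m:
            results.append((desc, "unparsed"))
            continue
        writer_pid, target_pid = int(m.group(1)), int(m.group(2))
        w, t = writer.lower(), target.lower()
        if w in IE_BINARIES and t in IE_BINARIES and writer_pid in scodef.get(t, set()):
            verdict = "ie-frame-to-tab"
        elif w in IE_BINARIES and t in IE_BINARIES:
            verdict = "ie-to-ie-unexplained"
        else:
            verdict = "cross-process-write"
        results.append((writer_pid, target_pid, verdict))
    return results


def summary(rows=WPM_ROWS, processes=PROCESSES):
    """Count verdicts so a triager sees at a glance whether anything needs a look."""
    return Counter(v for *_, v in classify_wpm(rows, processes))


if __name__ == "__main__":
    for r in classify_wpm():
        print(r)
    print(dict(summary()))
```

The same pairing works for Edge and Chrome in the win10 run below, where the child processes carry `--type=renderer`, `--type=gpu-process` and similar arguments instead of SCODEF; the target to watch is any write whose destination is not one of the browser's own binaries.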
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.usacars.com | udp |
| CA | 216.40.34.41:80 | www.usacars.com | tcp |
| CA | 216.40.34.41:80 | www.usacars.com | tcp |
| CA | 216.40.34.41:80 | www.usacars.com | tcp |
| CA | 216.40.34.41:80 | www.usacars.com | tcp |
| US | 8.8.8.8:53 | i-c.net | udp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3545.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar3608.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5177f75939c137c5cb61225971938c6 |
| SHA1 | ede0476624a82ddae745d470e2333c344e396ee3 |
| SHA256 | f982c5b921de21d8525bce473638e7025826d9637ab9f4907532cd7de6789155 |
| SHA512 | a98a1a64ba6333326a86c15fedb895e2230077621774943f802f96f0dd0489ffac4890e3fb14e72e7dda5463b95ad022205eccfec1bf623a4ea172926a9b5577 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dab5594f6c6c80d3bb39962d836591cf |
| SHA1 | dfa073a1f0cff2b9cb5f0b89f26f42e6f1dd7f42 |
| SHA256 | 4e46d687945f94dbb4b01044ff5cbbbc1a06253b52cdb903ab839015bcd77227 |
| SHA512 | 0ce66802befb460b621a911b7ed3ce8d1f1083b05993817ea2843d76bcbeaf563cd5816009f71f9fa9dbfebc006760579db76473667756731f940ff3444d98e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 574ef7fe92e142bcea40d305d0182b54 |
| SHA1 | d3acfae070482bff1e8329657e10d809042a3c85 |
| SHA256 | 1a4c18b3e215d20837297093c7058d5cd9f040c68db5f1bc8554f6cbe7f57c88 |
| SHA512 | e2e10d6a4f4cec5620ed4b1ec55244b94e4850c597729c1ea7231e1d5dd91117c36ccdbd8afd5b4a2796a43422ad58a17357ca5faadabddc6c0adf0edc2785cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fb93c3f23e96f1e720d8937630ef580 |
| SHA1 | 83e8aa6997d9e1f9ddbdc481aa29974905835486 |
| SHA256 | 0ce58cda95c5d45b1cc1826c68014f6d6ae9a1672e86ae7f6a575263e83ea33e |
| SHA512 | e8de55064f3987872512e50b11f84164da262544dcc691a36e497c849410cefcbf5524b75788e3bbc7cedcee05f094bf2b032aee033d6fcc31a5a579ddb92370 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 229cb91e4030dbb860aa44dc1be3f166 |
| SHA1 | e20a43de998e8340606bcaccd2bbee5586655cae |
| SHA256 | ab28add51b02e8ebe11c13de23b8fd08eaed93bc23918c305d70f1d2531fbee8 |
| SHA512 | 84145e6fa9cc5fe5bf7a057e95cd20c1e03aa5af3837a3e15a1eff2a31c1b12ca30bbe6f9993fb0199dc541ba5dafd023478efce0b4f88c6e0a627a65b89673d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f85fadafd12a92ed9f492acb3786d353 |
| SHA1 | 1696668cfea3a6d54a1baf7e5ce1bad56314872f |
| SHA256 | 6bf56060021754539af87e5343d78adf79d20d1d78a407e08e50e5c02cd9d03c |
| SHA512 | 40eeca37695ea04b95c966974414a3239d573c0c18969ba46ffc04f6ebdd0dd182100d3d7d7d3a2dca8a7659d84b18dbd5f9e185a1080a61e857fb64c3a9c5b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc69a6fb69fa9ee0ad86eca127f12f79 |
| SHA1 | 0396968547a45ad3b53d64379f324929024215ac |
| SHA256 | d9e2407c616441f1bdbce7781f9e31f632730b662ec381a5dd9de5ca8db534f0 |
| SHA512 | ce3f15a8905a2570eb69c347ebc9e08c591df841d0f6aa9f4b3cc0a762dfec9cde29ef477b75b8a935490c410ce49ea856091a2f625636a32207638adc6008e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e400fc5b609f87178ba011e97d9f9d8a |
| SHA1 | 8aa39a8c678cac05750f4d999f399033fd251e75 |
| SHA256 | 85293d77542eec0a21cd8dee86ff95e15e68c07009a7cda0d43030898bd09ec7 |
| SHA512 | e4df1c36db06451760fdab6d75840d4021ecd02d471e9a6cc6d6c85fa3dd9a757027565c61e84351cbe38071636e510e11e2362c4f43a48bb740ecd8fbedc5cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c3b198464b9f03c93e27c87ee624c0f |
| SHA1 | 1c66cf8be503f61413c7d8b901d2b28b141e5e2c |
| SHA256 | 5b9bb893298c653a600b42f9c2ab037f9bdb258430c45d15bbba3e226fe6225a |
| SHA512 | 2143b9752f2f0685624c3a890cbd4dadad1abb61faf791fbe89edcd5ed9fb0eb3b5a78635c40f69fc24a80a3659bbcc272c367913849e392fe0c3573823d8dc4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b697b2e73630ed1a4c9bce2db7a2f784 |
| SHA1 | 47b6a30249775febb7d98b1f7c74e170e9584add |
| SHA256 | 12a3e753e0fa5ff6069f5de7399a1bfac6190951442ad755a3b8322885033bb0 |
| SHA512 | d7ca96c8153d005106096eb5d85f8e95a242ed3631dda5339bd50a53775d81550618974ed4bd2f4590027288cfe6a87524e0d80814b92b256f2c0e2e3ecb1c89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 412fe3d134d26b49b6ad6af31bd9947b |
| SHA1 | 356a454ca5b870579ac8a28bd1bf79b1b38b89cf |
| SHA256 | 5a1ab964bd5f30c21d7696eca4cf3efeab886e8162a01bb5c3ed2ae87a4c1044 |
| SHA512 | cdf0362748cc005822fb6945e3b1c01e5afb5fe705b3be02ad56f5cf3f031b841a83609d2af83e3760d78bd215dfa5274fe1e7ef11011d3f10f8f0bda8c1f57b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2605d34414ada4cff1f151320a7c8dc5 |
| SHA1 | 686965f8199193078acb1116b9b6d6f922a42df1 |
| SHA256 | 23098ba949a408f52137938f226c7f78ca2441746e2a7ab305f5b7eb192f1b53 |
| SHA512 | 1df730eec3488f0d694e190a434edfc0056d6ac1a2253dd9aacfb9bba0cd464a1feadaeb6ae4f9163a86a93408fd7599f0ebc0f5a3c9a13b72ccde8b401de2a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3eae44ca3fd865b94491a82d1b7ac8b7 |
| SHA1 | ad32dad2499411201407f23ccf4598d4d6704e76 |
| SHA256 | 6ef5dece9df92b5311ba661d31f583bf355fe556235fea3318361b8deec45d6e |
| SHA512 | 267f3f641e3d2e7a3caef6a4289f7cf7d18063f73fe0777c1f9eebb5b4fe19877e76aa44ea2ce7d4d47b935e2cf658ac0e10ff0b591548e13bc1340bf7046c75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07288f0c20771e4df9d73cee44c9a69b |
| SHA1 | d4dcef49190263bce021cb47e244e31bd6099de8 |
| SHA256 | 72cd6c3ce8465ba6f67e4d89d33fdbdca7f9d4c71dd50f489b9e9941c3c80828 |
| SHA512 | 7558caec8a2d42cddd9f7477f77d14a85854acee2471dc272d7315b8698ae769fc07de6c15c4b77b1317dbf89f96192c72102a21ce016171ce77319bc8435440 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 448029813e8db1a962b7cbf339c4d8ec |
| SHA1 | b73bbc01c3e8aa471d15a74dd64633ad12dd98d7 |
| SHA256 | dfb9cc9ea29cfa19c3e50e1dfaa02a6cfe3375d3297a54b6aff940d7be9dc983 |
| SHA512 | 61b1e876329a56defe8c32586f6b6837a6fe0f0465ca5ad9a185fd9eb5438c0fb4043e569efecc74a3b319c85513e67c5ab848941b62f5d84418069d9ee9ee3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa35ce9a1ed7f05721ff546a65c6514f |
| SHA1 | b639d75a3f440a711df795e9acf1e065e744bc82 |
| SHA256 | b60520168b4b51adcb48b6563d5eb25986dae50ffaf6bbc0204fc1fad0a54714 |
| SHA512 | b8f5af1c517d4c038bd531317de24abab94e246f2508d28c3c4014df9294db473586e3607e8ec066dff51ef9c56598d6da649e90d2691e261e15e51d4de67a91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb962b1d73bd18f9bc099c79eb5d31f9 |
| SHA1 | 95f98df124894eb4e65307b5401f53e669fc9a36 |
| SHA256 | b9f287e94c7f54df2b5491740a60638421304b6824156d8d9a22e5da981cc735 |
| SHA512 | 6f702fce88ccb33e777882103052e670b57e89edf5f4f4981cd963aa5c3dd7763928561b5c178da5d553c0d3ece0add45578de241176f8e714b34595363fdd2f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a39f9efe2c812c7017549b2bbc97eab |
| SHA1 | 59eb9edb92e5e67a671ecf6244bbdffdbc8c856d |
| SHA256 | 9f22eb826dde456f45acb18953bb016420511b8804ffd3d252c679b992131455 |
| SHA512 | 348ec0ceb370918a952c3f35da0757825d2091cb85c8d2f25084ebf76658465e68e8427457e4c333d3fe1a599638e52449a26eb79e0eccf361f2365d7afdf441 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49375b79f9f94f2ba9e828d227b1520d |
| SHA1 | 172083b0524691e5acb3f23b562db215785aa6d6 |
| SHA256 | 0f9e957f25919cd33cddf961f69e29e2a7dc091ca30eb6f73fbb2973c528ec5a |
| SHA512 | 7383b31ce27a8b808516e5c09ea131933ca77f4dc4306af5d8f1e41eecb885c4ee381d8faae4f509ae63f931f1a9238b8a7647553b0c9bd8bc318c922b6c736d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:16
Reported
2024-06-13 10:19
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
140s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5096557b1538e1f82ada4c0eb7b8a1c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe697546f8,0x7ffe69754708,0x7ffe69754718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11790724273179653913,3082616562592915978,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,11790724273179653913,3082616562592915978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,11790724273179653913,3082616562592915978,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11790724273179653913,3082616562592915978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11790724273179653913,3082616562592915978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11790724273179653913,3082616562592915978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11790724273179653913,3082616562592915978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11790724273179653913,3082616562592915978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11790724273179653913,3082616562592915978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11790724273179653913,3082616562592915978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11790724273179653913,3082616562592915978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11790724273179653913,3082616562592915978,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.usacars.com | udp |
| CA | 216.40.34.41:80 | www.usacars.com | tcp |
| CA | 216.40.34.41:80 | www.usacars.com | tcp |
| CA | 216.40.34.41:80 | www.usacars.com | tcp |
| CA | 216.40.34.41:80 | www.usacars.com | tcp |
| CA | 216.40.34.41:80 | www.usacars.com | tcp |
| US | 8.8.8.8:53 | i-c.net | udp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 8.8.8.8:53 | 41.34.40.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.199.86.54.in-addr.arpa | udp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 20.42.73.26:443 | | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.238.35.23.in-addr.arpa | udp |
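Both Network tables (this one and the win7 run above) mix what the HTML itself requested with sandbox and browser background traffic: Google DNS at 8.8.8.8:53, reverse lookups under in-addr.arpa, mDNS to 224.0.0.251:5353, and the IE/Edge service hosts (ieonline.microsoft.com, www.bing.com, tse1.mm.bing.net). The script below is an added example, not part of the report: it parses rows in the table format used here, collapses repeated rows into per-endpoint hit counts, and keeps only the endpoints attributable to the page, which leaves www.usacars.com (216.40.34.41:80), i-c.net (54.86.199.205:443) and www.google-analytics.com. The rows are a subset copied from both tables, including the two rows printed without a domain, which it treats as unresolved rather than guessing a name. The background-host list is my assumption about what this sandbox's browsers contact on their own.

```python
"""Separate sample-attributable endpoints from sandbox/browser background traffic (added example)."""
from collections import Counter

# Rows copied from the two Network tables of this report (a subset). The last two rows
# appear in the report with the Domain column empty and the Proto value shifted left.
TABLE = """\
| US | 8.8.8.8:53 | www.usacars.com | udp |
| CA | 216.40.34.41:80 | www.usacars.com | tcp |
| CA | 216.40.34.41:80 | www.usacars.com | tcp |
| US | 8.8.8.8:53 | i-c.net | udp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| US | 54.86.199.205:443 | i-c.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 41.34.40.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 20.42.73.26:443 | tcp | |
"""

RESOLVER = "8.8.8.8:53"          # the sandbox's DNS resolver
MDNS = "224.0.0.251:5353"        # multicast DNS, host discovery noise
# Hosts the IE/Edge builds in this sandbox contact by themselves (assumption; tune per sandbox).
BROWSER_BACKGROUND_SUFFIXES = ("ieonline.microsoft.com", "bing.com", "bing.net")


def parse_rows(text):
    """Parse '| country | ip:port | domain | proto |' rows, repairing rows with a missing domain."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        if proto == "" and domain in ("tcp", "udp"):   # report shifts columns when Domain is empty
            domain, proto = "", domain
        rows.append((country, dest, domain, proto))
    return rows


ROWS = parse_rows(TABLE)


def host_class(domain):
    if any(domain == s or domain.endswith("." + s) for s in BROWSER_BACKGROUND_SUFFIXES):
        return "browser-background"
    return "sample"


def label(dest, domain, proto):
    """Bucket one row: DNS rows are classified by the name they queried, not by the resolver."""
    if dest == MDNS:
        return "mdns"
    if dest == RESOLVER and proto == "udp":
        if domain.endswith(".in-addr.arpa"):
            return "reverse-lookup"
        return "dns-" + host_class(domain)
    if not domain:
        return "unresolved"        # bare IP with no name in the report: review separately
    return host_class(domain)


def summarize(rows=ROWS):
    """Return {label: Counter((dest, domain, proto) -> hit count)} with repeats collapsed."""
    out = {}
    for _country, dest, domain, proto in rows:
        out.setdefault(label(dest, domain, proto), Counter())[(dest, domain, proto)] += 1
    return out


def attributable_endpoints(rows=ROWS):
    """Unique (dest, domain) pairs that the sample itself caused the browser to contact."""
    return sorted({(dest, domain) for dest, domain, _proto in summarize(rows).get("sample", {})})


if __name__ == "__main__":
    for name, bucket in summarize().items():
        print(name)
        for (dest, domain, proto), n in bucket.most_common():
            print(f"  {n:3d}  {proto} {dest} {domain or '-'}")
    print("attributable:", attributable_endpoints())
```

The unresolved 20.42.73.26:443 row stays out of the attributable list on purpose: with no name in the report it cannot be tied to the page, and the right move is to resolve or pivot on it separately rather than assume.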
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4819fbc4513c82d92618f50a379ee232 |
| SHA1 | ab618827ff269655283bf771fc957c8798ab51ee |
| SHA256 | 05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c |
| SHA512 | bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b |
\??\pipe\LOCAL\crashpad_656_CYHRYOERQSQODYYH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 257c0005d0c4d0bb282cb470925e4376 |
| SHA1 | f9b8efb511ed64292568977c9f2ec255509e8f7d |
| SHA256 | 8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22 |
| SHA512 | 2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d95ea17894ca28e1dbb00255b187b1d3 |
| SHA1 | c3ce1f94011b72d904d38c5d4e33a64a715da0f5 |
| SHA256 | 40a4736badb1220ea9cad222acc0ba32cac3cd0e07ece35f1803ca606d6a4022 |
| SHA512 | c65333adbb494a6f0b86c537aff7af334a6a7bc2dbb29e8b952ad64c21670d3d79372c75a6d14851ab49921f6d65f8e60989f03455fc445a7577cb6869f0484b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2e402f4e89d0692ec5f5b8d328a48340 |
| SHA1 | 3732b99e719d41370e56dd36c04ef5c218f90fb5 |
| SHA256 | 0704cd92f47c18adeba5af1ee5045b97972b1c28af2d7fab9a3ee495cde900d6 |
| SHA512 | c46d51e399c6d4cf9d48add458699a127fd35636c43afe07720c9ee3c86fb557b481db034214d55ff8cf6b7b54b541a52de758816fd1af2ace319ba235f58dc2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a9ca5177929d88d47865b59f4f0d236 |
| SHA1 | ecac7b6a178c6255cc8eeb1fabb3977ef6943a5b |
| SHA256 | 351c7e4225d15b85e860cd65d4fc4c307bc7b9545b86021aca587326ddb8ae5d |
| SHA512 | 51933b42b1e05c69a1b5f67ec0ea9c9e415b5518621d51d01fa69d35326bc7312eaf373c9ad04d2d0d36cfaeae011d3c1429c2bf7384208f95437f1b066346e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 95cd1581c30a5c26f698a8210bcab430 |
| SHA1 | 5e8e551a47dd682ec51a7d6808fe8e0f2af39e86 |
| SHA256 | d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9 |
| SHA512 | e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |