Analysis Overview
SHA256
574b5416ee0867aa0b5c754384dde537bd69c05cbd8460aa52cf40d8ed5686aa
Threat Level: No (potentially) malicious behavior was detected
The file a5093dcaa57a9e01110a032858f8d2c6_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:16
Reported
2024-06-13 10:18
Platform
win7-20240220-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cdede9a3f20d994c944c9ce62f351f5d00000000020000000000106600000001000020000000ee720bf8c3b341ed9eca3aed31b87ed738ee9fbabda87254083369ab44b47fac000000000e800000000200002000000036935bdbd767f276e67874fa692f270c7ca4162f897cc7578247f296449e9abd20000000c4fefd023c30b86dbd3edc9a1de8aeccbd1d92ea65d2f75319643cdfeee60e9a40000000df2519df357559bcea3c56aabcec75926fa1a4196cbd1323dc77912912f8467893b329da74478e32a918a0afd4f9041c641c8d389125f1e98b5d6cbd7f68b4a0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435653" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD83B501-296D-11EF-AD30-660F20EB2E2E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80aba9d47abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1780 wrote to memory of 2968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1780 wrote to memory of 2968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1780 wrote to memory of 2968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1780 wrote to memory of 2968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5093dcaa57a9e01110a032858f8d2c6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1780 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 636365.net | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3EB6.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3FD8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 552923837a28019466f7eef51e456c6a |
| SHA1 | d5206585eb87ab1e021c88258b466390e9c7eec0 |
| SHA256 | 629fbd34a72aaa3f298f971c660cb0a186b29602585a9edccddd5fa3373b4e44 |
| SHA512 | 93d1e0ae4af7d5ee72b1adaa6daa56566c12cfe01f45c94751ed96145153411175937d958c8c48db818b6149430c19472fe67b05b766a5c26a1c63ad11235cba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90883d51093a3052244df07eb70b018d |
| SHA1 | 95b42f3bee7366afcfb007a1eb61a15d70b28ff9 |
| SHA256 | dc1c8b6c82f034d3144784501aefaef49fbabc778114beb5d4d9668442c246ce |
| SHA512 | dae965d811093a746b2e5d041ff1d7ed4de62a70a1fe09cf26e79fec08a2aefc58ec5a2714c3daef54aaddea3f4e22b5e1d50f8b1fbf49a4a9ca3cfed3c657aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 643f57be0be149585bc8d690b79da4a1 |
| SHA1 | 10ac6c51c7124d8c07db78189d0ca48c40069e4c |
| SHA256 | 30b6c3c86076267fc57170b33b3bf64a4791db1f2e9dbcdbe7dde818b202f217 |
| SHA512 | 856dc13fce0f265bb55e6530cc03022b39b2d7a6c4b5b9546c3c93d152dcc9b2f75cce4b494faa6b1a280404f90f30ba6e4707dd9776f91c7b3e60a4e6a8a5cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0d94f04155d89ec0459e434d5de306b |
| SHA1 | a1e10da7d30f646ad1e68169726e8a0415678357 |
| SHA256 | 0a76d4d7073cb4594143ef3646f696e5b798ca3fbb828cdd7ddd165afb6a69b6 |
| SHA512 | b07cd657348a46c2d5e9f2868b9d3910d422fcfc131370387d7e09eb9bcde2a4433f5b62e7b7a0591fcbaaba152ef034a139b6ff3d5d04304b62f8cef10b11aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a499a2d2b13f21d07fe074d0dc53a8b5 |
| SHA1 | 8d7060b80cf155519631cc5a30e4f2151bcfa563 |
| SHA256 | 1640a2cc3ae4249b649658ab8b36225db17868f9e6c70821b900da8a5001b50b |
| SHA512 | 431f534bad2f3969187b94f11de518afed59424b7824189458f121753e4e9c748f6020379aab2f0f2bbff8d76f29921521692abc6ff7b2961034eac5a5acec37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c62c2ba4b27d79bb6a1709dd7072684c |
| SHA1 | bab1c49cd37c37e006ea3d691f5ac67a8ada6f07 |
| SHA256 | f6fd70b450d2818668b7bd33f696d2315f197cc63bad7596fdc452bf70bcd345 |
| SHA512 | 742889ffe65086008407437177dd8742ba57e687f49653d13508d4cc061a5538e85c6e2215cc5d670312221896edfad1566f83d6ea95285b88f9a045ef110ef3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df02bc2195c9359ca9392468b66b93bb |
| SHA1 | 6be5c5343b78b3b2ac6a2ddf9d65fa6038218637 |
| SHA256 | 20a6398069ddf14560fdec01d5c5c2653f3c8d7dba955b166c25023ec075d03e |
| SHA512 | 64dc2a7ab4f977f057f3ce2aed1d02eddca0d9ebf16701d4a0ae232a3c5fe8e5559f52f32bd85e0dfaa1d54258a3c0892ec8340ab0a44afcd2ff5361760e28ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53b45312a149c2daf003afe9cff36f1d |
| SHA1 | 46c48dd81b7cdee8ffa10c5a1fa7c3d510597108 |
| SHA256 | 451edac8305415c0e255e1df667feef31033c30b902353461d2f9463bde8b34f |
| SHA512 | db3dc3fb1143fc4569286349600e4b0f94c81f6f2b996ec24a637e568efff22b6e90f9acfa95e2b9a19c41f50c00d3249eb8a6ed6a954fec36d8421f457a5f3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4323836a7457ada269fb0f04f937e11d |
| SHA1 | c6a1ae1e834935cc90629dc1bf9333733baad7ef |
| SHA256 | 12153df5f88424eb8c226e589182dcb4fd1e9dc1e0978b541897925a064acaff |
| SHA512 | 3efc2568382b4fb02c4ec5b72ed0bc7266d39766949290e1e65d50e2b6f88db44eb31b0aad432d82f37aa9b4113c8863f610e6d38d0097be1cd278ee987eb3fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f81d5ceb748d74adc9522f73adc273da |
| SHA1 | 6ecd4869d30f3cee20fd2cb4052b914c5fd335fa |
| SHA256 | 89628cd40a44891a0656fdc1640d8b92f2b723ed5e63e442b3b033fba8c670ad |
| SHA512 | 21056a1d4125589961904f94ab0093f6a37ede2c3790e40cb9f426b17f03bac0cf97d5bf795bfb81df4799b61a60699b845148ea7d381280a2fd773ea26952bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0d6b164c1233825be8b11faab3b1788 |
| SHA1 | e6707f554e28821628a82498f503be94dce1baf5 |
| SHA256 | 98983f8946647a4c9d03549a02965f93c5a867f97b24bb6d87417d99fd2de8bb |
| SHA512 | 046c1bb84caf62fee88e9f5a312f6f5b8e6d638aa0c98b1c500a89a354295978b07844eccc85c3d96e62d9a75a7b1edbe7779193c528cb8029e47082b05111da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3a71d9e91336b69f4063dd5a6015999 |
| SHA1 | c6e8196a24d6b514b5fb3ace4783475bba96186d |
| SHA256 | 80257f5176c42117dede13fee0c90069cef4ff3dcd9b8cf43ac2873cf74e363f |
| SHA512 | e87348b0e65b45e6f2db689b185a4c2bde4cb03b8071aad42b72c61f4528e77bfc36c5d7eb51795559acbe42bb567f23fa4ed85421c330e4baf2ca6a5de0e668 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94641152860b0bd55c7d34e67bf476e3 |
| SHA1 | b0512e77356b2ce9b5d097ecc383761d24ed3e1d |
| SHA256 | 0c9dfaee7c4430de75e68872654a5cc770504d7128c22c6d66ab35ea92a7fac6 |
| SHA512 | cada2dffb6cf1d6b6d5be3730c50f781ec450362dc452de338cad9497073312b44ff979aea6f59dfae8c30643441901148cc78255bd41928fc704fa857fb8c11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47cc22c7012f22c7a317acd9ca02827e |
| SHA1 | cf4d8c4c60955fe2c2cb3b7a37ada2b1a00b71af |
| SHA256 | ceab8cc97ac7030e38e8c761a5b2fa88f652cb86c9ab098c8f91b798d9005a7d |
| SHA512 | 7d0478c936a54a88bdf290480d9ee48158ca6e2425da1ff15555d548dc8c1419c8c58d00dfcb353d4ed8f946f0972a31cfcd3a10cddf3bd204d62a949c3be586 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 123a75335be5e3b77dcd92bf9da6e367 |
| SHA1 | 948ee1ffe171c0b3c17c2e704c6bcfe1a6304104 |
| SHA256 | eec33099c693401985e26b65c8d99ddede8550a87b4c8864e95a3ee954269d1e |
| SHA512 | 66757b2f0856d888bf2141193db980c976f4db29e3c5d3d8225a7c867b175ff6a946270e0d47aa03addf1759f6a96d03b93e6f86cc141579f336ea46e3337c5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 475193efbfe7a86376fddb547204be49 |
| SHA1 | b5aacd994d0cead1a5bc2c7ce0ddd13c51d362dd |
| SHA256 | 94cd937b5fcb62f6092309263119bb0dec79a6604bb96026b03576d93fcf69e7 |
| SHA512 | 0af6e646cac002607baabd77f9fe74a75dc3f0a0b0cf6d1f7e4d121479b1c45f2bc960119bae3b82fbeff2a023940e7c21a1fbe1f35d8b379408e769a66131c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8fa2a7ce5bc45714764e127c4dd9b1d3 |
| SHA1 | bfea7b7c59d45b52cf7bc4a130108da31d0a90be |
| SHA256 | dc32ea8303d8a1192e42fcb932818ad3818775b57cc20184ad3ff58f3de58d71 |
| SHA512 | d1fc0a8c8d5c30ab7f05ef89ba89d4704201d5f0adf019a75920594c8d6f2c678685aa7cbea08ac3e461a51e405741cfb7a1de2afe42eeb73f0bf901cf3ef8ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d3f10e8666a172e1fef34fa311a0532 |
| SHA1 | 10927d17cf0701057f0ff533b96f6466222c53a0 |
| SHA256 | 02f959931492aa12bc77f530deb5719fac1e1ee5c403f763f2b441a8011a9cbf |
| SHA512 | abf6c5d24d89198973392cecedec1356e12c0d89f6822f480e88b6e1e3bc9ee10abaa5d98781121fe87cb2d8ef831b8c96dc167bf0281aee42ffafa7b5c4e4b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24de74aa1e0eb8c441b0862e378a5f3f |
| SHA1 | 45c1e136e450b4356d3c6eefb68692bd4e3d5e4d |
| SHA256 | 4dce97edd34d44b30f41d46f78361a1ccc06d0cb9348a774734caf56e5c3d260 |
| SHA512 | 5ec7cb1200d16dfd9cb2aed475ba574681169e570e2f0ddae231e0eb571a306ab751382187ff0db2b69581d31cbd2fd82db4f3de5a3c24836c717cef41a835e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3141b78641d3912d5048974e2d97a3cb |
| SHA1 | e093551d6f05c716fb5f6b2863c6ed85c999944e |
| SHA256 | 2a709810b75e244c929def0fbb1b73498db8610a1a603dd6ecc9db1e0864c93e |
| SHA512 | 6f89de52d3ead957068d12f05ea20a589082b974c7841a5625860bf27f95f3e5b5860daa78a7695f91e4911ab3d81539617888ca4ba50a1f9b36a94ef32df28b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:16
Reported
2024-06-13 10:18
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5093dcaa57a9e01110a032858f8d2c6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa805546f8,0x7ffa80554708,0x7ffa80554718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,17589587496512975046,10530101606673629934,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,17589587496512975046,10530101606673629934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,17589587496512975046,10530101606673629934,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,17589587496512975046,10530101606673629934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,17589587496512975046,10530101606673629934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,17589587496512975046,10530101606673629934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,17589587496512975046,10530101606673629934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,17589587496512975046,10530101606673629934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,17589587496512975046,10530101606673629934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,17589587496512975046,10530101606673629934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,17589587496512975046,10530101606673629934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,17589587496512975046,10530101606673629934,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5416 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 636365.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_840_FCMZVEGQUTNILKPF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a7b853ae64eed30e1057292ad9502071 |
| SHA1 | 353434753fb30bd132d189c4f5173ed49ee383b5 |
| SHA256 | b2a470dc116ec8db66f2f456d48deb233c926c7ca990797e2ab6accc4b3e4ceb |
| SHA512 | 790bf04cb93508bd3e26ef0b027fac0cd2fe015c6a3eacc1f00ad8cd6ba4402bbca9f1371f47c4f2d2f4f19cc801df27ef83a943c412aa7b641f84b3c948cb41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bdc30a55a0aee19605f824d6c17864f7 |
| SHA1 | 51b127755a32415fe8d1c80b475c2d28c9855c1e |
| SHA256 | 34e88afbd1beee78576d8f4d316688df2966d9bb79272e1ccc3f23c1529a9508 |
| SHA512 | 0d1dbd80f4270b90ba5bdec1f8d087acac7f49a8fc9ae0b6485b520ba3cc7b8a192403b738c978de275273f3535e2a97608e95df16565f5b90d016a5e7209bb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4061a118bacf82ec722714bce5e76cef |
| SHA1 | 364bb9c1e6b1658e38a0a4db9f65f283daa58843 |
| SHA256 | e53b48de0582a792ca2d6e2b90fe41cad8c5bbc260fa4508ff040fa326b8e2f3 |
| SHA512 | a602822a06b40020a91adbc3f0df89ab949773b3f3c9fbb0cbe3de6aa0f3f867a700f77d470edec4451a9d399752f68a86c582f356285e61965d16011842ef51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |