Analysis Overview
SHA256
8ddc6e65673adaeba19c9713e32ff4014ee88869bbd3ad188728a6a36d584744
Threat Level: no (potentially) malicious behavior was detected
Verdict for a50df522b9cacb0b3ba0fdbbebb7d8f6_JaffaCakes118 (an .html document, per the command lines in both behavioral runs): no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Every signature in this summary was raised by the browser that rendered the sample (iexplore.exe in behavioral1, msedge.exe in behavioral2), not by a dropped executable; the WriteProcessMemory hits, for instance, are the IE frame process (PID 1244) initialising its tab process, whose command line records the parent as SCODEF:1244. The sample's own externally visible activity is in the Network tables: DNS lookups of pigcentre.com and coinhive.com followed by TCP connections to 185.68.16.20:80 and 172.67.165.117:443.
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:20
Reported
2024-06-13 10:23
Platform
win7-20240611-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{97E20481-296E-11EF-B477-E6415F422194} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435912" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000319c1b9c8c4f1014b5febe7f1f7ad763bc91f32e835c283fcba16a14627b04c0000000000e80000000020000200000005110c20783a2aeff7b170bbcecf9175b42631eac1b50f7ca8e4342e7d085be8620000000d9a28fdc77c606f270cbf6b7e42c9cf7184ae513a7918f03ea9315d8936622c340000000f7b99426fbf5c1ffc7119a8fd3a9d3fbb71229b0e3583611292a5bfbd54b2efb3e8bc639695c7e864be936547f366f9f8f28274c2c565c67db59680988b3f9b7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0a50f6d7bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
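The table above is Internet Explorer's per-user first-run state under HKCU, written by iexplore.exe itself (see the Process column), and the report prints the binary values as raw hex. The following is an added example, not part of the Triage report, showing how to decode the three value kinds that appear there: Window_Placement is a Win32 WINDOWPLACEMENT structure, NewTabPage\LastProcessed is a FILETIME, and DecayDateQueue carries the DPAPI (CryptProtectData) header and therefore cannot be read outside the sandbox user's session. The three sample inputs are copied from the table (the DPAPI blob is truncated to its first 40 bytes); decoding the FILETIME is a quick sanity check that the value was written during this run, since it should fall inside the detonation window (submitted 10:20, reported 10:23).

```python
"""Decode the binary registry values that a sandbox report renders as hex.

Added example, not part of the Triage report.  Decoders follow the documented
Win32 layouts (WINDOWPLACEMENT, FILETIME) and the DPAPI blob header.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Every CryptProtectData (DPAPI) blob starts with a version dword (1) followed by
# this provider GUID.  The payload is bound to the user's master key, so a report
# can identify such a value but never decrypt it.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")

SW_NAMES = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}
WPF_RESTORETOMAXIMIZED = 0x2

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(raw: bytes) -> datetime:
    """FILETIME: little-endian uint64 of 100 ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", raw)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def decode_window_placement(raw: bytes) -> dict:
    """WINDOWPLACEMENT: UINT length, flags, showCmd; POINT ptMin, ptMax; RECT rcNormalPosition."""
    if len(raw) != 44:
        raise ValueError(f"WINDOWPLACEMENT is 44 bytes, got {len(raw)}")
    fields = struct.unpack("<3I8i", raw)
    length, flags, show_cmd = fields[:3]
    if length != 44:
        raise ValueError(f"length field {length} does not match the struct size")
    left, top, right, bottom = fields[7:11]
    return {
        "show_cmd": SW_NAMES.get(show_cmd, f"SW_{show_cmd}"),
        "restore_to_maximized": bool(flags & WPF_RESTORETOMAXIMIZED),
        "min_pos": fields[3:5],
        "max_pos": fields[5:7],
        "normal_rect": (left, top, right, bottom),
        "normal_size": (right - left, bottom - top),
    }


def is_dpapi_blob(raw: bytes) -> bool:
    """True when the value carries the DPAPI header (version 1 + provider GUID)."""
    if len(raw) < 20:
        return False
    version = struct.unpack_from("<I", raw)[0]
    return version == 1 and uuid.UUID(bytes_le=raw[4:20]) == DPAPI_PROVIDER_GUID


def decode_value(name: str, hex_data: str) -> dict:
    """Dispatch on the value name as it appears in the report."""
    raw = bytes.fromhex(hex_data)
    if is_dpapi_blob(raw):
        return {"name": name, "kind": "dpapi-blob", "size": len(raw)}
    if name.endswith("Window_Placement"):
        return {"name": name, "kind": "WINDOWPLACEMENT", **decode_window_placement(raw)}
    if name.endswith("LastProcessed") and len(raw) == 8:
        return {"name": name, "kind": "FILETIME", "utc": filetime_to_datetime(raw)}
    return {"name": name, "kind": "unknown", "size": len(raw)}


# Constructed from rows of the table above; the DPAPI blob is cut to its first 40 bytes.
SAMPLE_VALUES = {
    "Main\\Window_Placement":
        "2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000",
    "TabbedBrowsing\\NewTabPage\\LastProcessed": "a0a50f6d7bbdda01",
    "TabbedBrowsing\\NewTabPage\\DecayDateQueue":
        "01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81",
}


def decode_all(values: dict = SAMPLE_VALUES) -> dict:
    return {name: decode_value(name, data) for name, data in values.items()}


if __name__ == "__main__":
    for name, info in decode_all().items():
        print(name, info)
```

Run as-is, the script reports a maximised window (showCmd 3, restore-to-maximized flag set, normal rectangle 36,36 to 1194,649), a LastProcessed timestamp of 2024-06-13 10:21:16 UTC, which sits between the Submitted and Reported times of behavioral1, and a DPAPI blob for DecayDateQueue. None of the three is anything other than browser housekeeping, which is the point of decoding them before spending time on the "Modifies Internet Explorer settings" signature.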
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1244 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1244 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1244 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1244 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50df522b9cacb0b3ba0fdbbebb7d8f6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pigcentre.com | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| UA | 185.68.16.20:80 | pigcentre.com | tcp |
| UA | 185.68.16.20:80 | pigcentre.com | tcp |
| UA | 185.68.16.20:80 | pigcentre.com | tcp |
| UA | 185.68.16.20:80 | pigcentre.com | tcp |
| UA | 185.68.16.20:80 | pigcentre.com | tcp |
| UA | 185.68.16.20:80 | pigcentre.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb11c4fc33385bcf1da00a8442d195f2 |
| SHA1 | 379cdd6aacf9d898726e43e74fba02e439855dcf |
| SHA256 | dbb719f1c83eca25b37f0fc81b80f3741d8a5d5012ddbfbe763d3ab9857c8ee2 |
| SHA512 | c14ad0901d7d9ee92b1d3983d834e9348ea95357be410224b81463a3e1827373bad49a533b5b5fd01816341935014ab58cbc63b5ceb6858a8a79e3b60fcd8ef8 |
C:\Users\Admin\AppData\Local\Temp\Cab2991.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90b4d8ce591eb99ecfadbf41132f685b |
| SHA1 | c4159cb81b4a255f951914e89bc067254aa9f3ce |
| SHA256 | 0d38b00cf028b6d9359ddb8a7d4f0653de386feffbbbfba1751b30c131230f21 |
| SHA512 | a01042ce29775b95530ac44bbe5990c615ea5c9646548fa81ecf5705e409f0120ba283c2a85b8d5a3a5c241eb96204705e35c7c4fdb1170927cec42f8a9a4fcf |
C:\Users\Admin\AppData\Local\Temp\Tar2A63.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6f2f8e2538a5092081747cfab535260 |
| SHA1 | c44374425e32dd48e572bddd71e25f3f50cfabb6 |
| SHA256 | 3bd8160a9ec3073a4236399092af0c72b02424aed4f35432f03e6652522333b5 |
| SHA512 | f6abbf41fdb4c99a7e5b72fd1c6cdfa68a84bc752560783ec8d2e7a2349b42382112c4816127a9c554febb3a20e04d70722a0f7213631424293180be56474ed4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c61cd984c049baef0ea7c122abdd1f67 |
| SHA1 | 0e53e2929d08491ab8d125d0f07060a0413fe572 |
| SHA256 | c0236b8b5fce0f8393fb3d36ab2feb0d0c127a596628a72c1b2cc6ac26cfa7ba |
| SHA512 | 25cab2add347c67d55c9265bb3a68dfe3102d68335c7228b9607b9076a26d2eebbd362a2035d183ba914abd88d94e8bd96b16f9d15e8c9aa0b00aa74351ae14b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9037a39eff1868ec9578a58128e2ca5 |
| SHA1 | bc4ddbd627dc3894ceba0c1864024fc931d841f6 |
| SHA256 | f5517cbb2db999a16132eb144254023d02bd2038f0b94b842a43513b7397cdee |
| SHA512 | d2835d7f0f5f6e84752e403c17bf7d16b2927d660a2a8fd936fa019b42f8c70c75bcaf1cb3f56a5588f2c3fdc4217cc78195b0cd03abdef1c160a0c8e6d280ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cfa30187feab3bd02b9ce756504ac8a |
| SHA1 | c8f291b21183afdae1aa267f1f8ed17e38d6e4a7 |
| SHA256 | 098c0f2eb3280f9fb74d80ee02ea23d77a7072c03eed4cb0da79bbfb0e00e7db |
| SHA512 | 9d6c085213f3f5821303c2df317f869b5ccd910ee454a95c2b7b5caf09b7b872d5580e6763fc3761222c2b018f491b4f01900776a94eed0f6e5d816722fa196b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 576c8332210a9bd2e5cbfcf3382884d3 |
| SHA1 | fe36210101647e1dd32f069bd38c191f7af106db |
| SHA256 | 79e50324849c2ff33af2484c7243392d83de4c6b856cca913013ef2898eb151c |
| SHA512 | d03e812c44d34e56e27437404fe483447a1c40930b7a78c94ee45bef8e606bad975cfa95ba9f659f4f52e5d3e1b1db0001d91b74e4bcee187cfdd5740caee9af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17e1f95fb324f00ab1a1cc894704ce3b |
| SHA1 | f3ceb7d7691e4cb6919660160ed161027f12d314 |
| SHA256 | 8fb299917154ef3f47b57dfdf9edf436399a8ded083a692a72629aa328e28eae |
| SHA512 | b621a0da083a05080c66021e749838fb303bf985adef1f5cb76cd06ab0453e5a480e3c58c57b7ed2f422cd660a56d8a5bac9a289a88b55e1a0e4d7d01ac25101 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 658c1ba59403a012075087aa5bfffa22 |
| SHA1 | 9b6a13359fed669a3e01fc1f77a7aac788051c5c |
| SHA256 | d15b25b0e38d16aeba9881a621bcd922dbf5f93f718c711e0622fcdcbb9356ee |
| SHA512 | 79534f88281c0d653b5fc907c8fee20a5a284b2acfc14ae4cc08b0b54b498dc4d2972fbe7a006654eb133965cd94c26a103f26fb81c50129719e6c9fd1af7cf7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5528f235b7fdc571c07bae72f7099ee3 |
| SHA1 | f763772b0c0c63504725039d8edfc99b8f5d5c56 |
| SHA256 | 594c2adbab285e66419f350db155813aec061646f62ff2407f0b1af661265eeb |
| SHA512 | f4ec005dc7f565a84f68df6942ebe999b482b3e026a0b36dc20ee2b3c8e655eae1c685b4ebd12d5b7a505e6e755620d9393c804330ec96602a0696564c428f6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b388cd4d161b38489cc9497e5c6fe158 |
| SHA1 | 9970d4913ee310e38cfdb8daff6e9e4725c57927 |
| SHA256 | ff7de561d656751cece19757c29531fef8379a775323cadbfa1936149c7716a9 |
| SHA512 | 776888bcfa5859117db3a4f674f599d59fe173148027319cce99ba06625d01aee25f231244a5dde59c5d2f43e1f4bcd2c7ea09d937ed787fe3f94680fcde28df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ad231b8d8a902f82fa7198ca795202e |
| SHA1 | d41a5ad8c66c713b14e42a9fdb1ca32ef7e0fd9e |
| SHA256 | bc4c7b79c50c1073b898ec33ba6910f77a63d65f427bea1de4c6f68b004a4987 |
| SHA512 | 879c2e29b4c99a289952a163417899bd441c06967a43d6998f8006f93c919d937a5230454d3afb522a9a8daab3fb83ed0ba1b56a15aa292f4e34bf923a259ef7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c63a68f7d73fdb0ef4a140a04522617 |
| SHA1 | cc03130c71a7d9797d7694fe0b848a65f0e2f628 |
| SHA256 | 21bf339e47a8a023d3c60f855d7b4db653e4d4c3c02f9658a17c1dc86f28b789 |
| SHA512 | ee3a2080d9f43f7d70e615ee44d98754b7d3fa1cfc9200cd8f9e42fc1295d0325163028669e14653124588d688194d4f167abd891f1b349813adbaf0d117f1dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8469ed31adfe8a890864e0b807445f1b |
| SHA1 | f5084577eef2074603574712654cc376be58ee5d |
| SHA256 | 287172838092e1bfc734ef677f6320ebab1347aaeee1487496d1a7b0eca2ec65 |
| SHA512 | a004c4109f82eceb8c140ccb43e38813d230c6660180a77f35f8d634ceb816f62bf1be3a6a2dd209cd3d0e5b29ea65ab9d2834512f149787221b938f262f862a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0f184b2be3c222bc0145f5dd23089d6 |
| SHA1 | b8a429eb5fc8c856b21bf7f824b5dc818c725f4d |
| SHA256 | 20713d31f07167f2ecd594e3309c83ddd0f093d6c33d93e50931cf92738f2fe1 |
| SHA512 | 560540bdaa714a91fcd137075d96a5a60e9b9b189d89139329601b71ae9ecd69f7690b9ae0700d4e9c020a1c0dbc9f4d9362de73243687631e733f05f082a996 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63af5fd5881f769c4514cd74adbee925 |
| SHA1 | f0eeb07c27e6e8a755266a89079195a2e6b121ea |
| SHA256 | 5d64afa0991fd99336a34d683a0317e245d6614d6b8f91954988e3a9d4a2862c |
| SHA512 | eb8b039a5ea6d669a05b67f42d5f0bba7b8988fe6ccf339da4869820109a49b2f220af9ac1be0384d16a59d50d0247da4074195669e357ab866663a41c268188 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7bfc0b8e936b0fd3848b4195871c4c95 |
| SHA1 | 0751f11dda626fbb46c64062239403b59628f978 |
| SHA256 | a9190f68e27f718d6631da27b85de59d4dbc4735e5dd72cdf1e649ed97489f20 |
| SHA512 | eccb54980e6de89dd567612fa6babb7285c77cbcb26af83a3829dc2ae7c996b45fb98fc1e06417497a4705ef51fc2e156dce6ac11379e852a41a3b33b4510229 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1171020d630ee87da50c39dc3602bec |
| SHA1 | 7b957ddf737fc7a39721cd4307215361d389cef1 |
| SHA256 | 84a1e6e5eda946f7df667408532268fa0f7e837760d2497504f9fdc7a2913966 |
| SHA512 | 81dbefda164ab94137891a5e879a060c20b37d137da38ea86f3917cbeaf77d5e6582c414e943549405ffa2642c7e9b00e633724212f1acff39156188eaa17e13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50cb91f7fbc93607c887bf7b05be8124 |
| SHA1 | b9141c1965547bc14df53c0f7931b98a1bfdded4 |
| SHA256 | 63a99d049a234c9b689318aed39b6833f33b5908f64f964357c83d2045a8ce0c |
| SHA512 | 3d092b7f6a9fc753d77999c4705c158fa91cfc1712205e8d5ae15311c3ecb638f45cba15853a8c9e15e08c80c235598423b591243b4012b59904acd93da10669 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:20
Reported
2024-06-13 10:23
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50df522b9cacb0b3ba0fdbbebb7d8f6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa025546f8,0x7ffa02554708,0x7ffa02554718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2276,17712389163343408343,2217564904592665680,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2276,17712389163343408343,2217564904592665680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2276,17712389163343408343,2217564904592665680,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,17712389163343408343,2217564904592665680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,17712389163343408343,2217564904592665680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2276,17712389163343408343,2217564904592665680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2276,17712389163343408343,2217564904592665680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,17712389163343408343,2217564904592665680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,17712389163343408343,2217564904592665680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,17712389163343408343,2217564904592665680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,17712389163343408343,2217564904592665680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2276,17712389163343408343,2217564904592665680,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pigcentre.com | udp |
| UA | 185.68.16.20:80 | pigcentre.com | tcp |
| UA | 185.68.16.20:80 | pigcentre.com | tcp |
| UA | 185.68.16.20:80 | pigcentre.com | tcp |
| UA | 185.68.16.20:80 | pigcentre.com | tcp |
| UA | 185.68.16.20:80 | pigcentre.com | tcp |
| UA | 185.68.16.20:80 | pigcentre.com | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.16.68.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.16.208.104.in-addr.arpa | udp |
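Both Network tables (behavioral1 above and behavioral2 here) mix four different kinds of rows: resolver queries to 8.8.8.8:53, reverse (in-addr.arpa) lookups the OS makes for peers it has just talked to, link-local multicast (224.0.0.251:5353 is mDNS), and the browser's own background traffic to Microsoft and Bing hosts. Only what remains, the lookups of pigcentre.com and coinhive.com and the TCP connections to 185.68.16.20:80 and 172.67.165.117:443, is attributable to the sample. coinhive.com was the domain of the Coinhive in-browser Monero mining service, which shut down in 2019; the report does not include the page source, so the lookup is the indicator to pivot on rather than proof that mining code ran. The following is an added example, not part of the Triage report, that parses rows in the report's table format and performs that separation. REPORT_ROWS is constructed from the two tables above (duplicate rows kept on purpose, as the report has them); the list of background domains is this example's own assumption, not something the report states.

```python
"""Triage a sandbox report's Network table: separate the sample's own contacts
from resolver, reverse-DNS, multicast and browser background traffic.

Added example, not part of the Triage report.
"""
import ipaddress
from collections import defaultdict

# Constructed from the report's two Network tables (behavioral1 + behavioral2).
REPORT_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pigcentre.com | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| UA | 185.68.16.20:80 | pigcentre.com | tcp |
| UA | 185.68.16.20:80 | pigcentre.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 20.16.68.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

# Assumption of this example: hosts the analyst attributes to the browser/OS image.
BACKGROUND_DOMAINS = ("microsoft.com", "bing.com")


def parse_rows(table: str) -> list:
    """Turn the pipe-delimited rows into dicts; skip the header and blank lines."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(domain: str):
    """'20.16.68.185.in-addr.arpa' -> '185.68.16.20'; None for anything else."""
    suffix = ".in-addr.arpa"
    if not domain.endswith(suffix):
        return None
    return ".".join(reversed(domain[:-len(suffix)].split(".")))


def in_domains(domain: str, suffixes) -> bool:
    """Suffix match on label boundaries, so 'notbing.com' does not match 'bing.com'."""
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def classify(row: dict) -> str:
    """Label a row by what it actually tells the analyst."""
    if ptr_to_ip(row["domain"]):
        return "reverse-dns"      # PTR lookup the OS makes for a peer it just talked to
    if ipaddress.ip_address(row["ip"]).is_multicast:
        return "multicast"        # e.g. mDNS to 224.0.0.251:5353; never leaves the link
    if row["port"] == 53 and row["proto"] == "udp":
        return "dns-query"        # name resolution only; no payload exchanged with the host
    if in_domains(row["domain"], BACKGROUND_DOMAINS):
        return "background"       # browser telemetry / search endpoints
    return "contact"              # a real connection the analyst must attribute


def triage(table: str = REPORT_ROWS) -> dict:
    rows = parse_rows(table)
    labels = defaultdict(set)
    contacts = defaultdict(set)
    ptr_targets = set()
    for r in rows:
        kind = classify(r)
        labels[r["domain"]].add(kind)
        if kind == "contact":
            contacts[r["domain"]].add((r["ip"], r["port"], r["proto"], r["country"]))
        elif kind == "reverse-dns":
            ptr_targets.add(ptr_to_ip(r["domain"]))
    contacted_ips = {ip for eps in contacts.values() for ip, *_ in eps}
    return {
        "contacts": {d: sorted(eps) for d, eps in contacts.items()},
        "dns_only": sorted(d for d, k in labels.items() if k == {"dns-query"}),
        "background": sorted(d for d, k in labels.items() if "background" in k),
        # A PTR lookup that points back at a sample contact confirms the session completed.
        "ptr_for_contacts": sorted(ptr_targets & contacted_ips),
    }


def iocs(result: dict) -> list:
    """Flat, de-duplicated indicator list for the sample-attributable contacts."""
    out = set()
    for domain, endpoints in result["contacts"].items():
        out.add(domain)
        out.update(ip for ip, *_ in endpoints)
    return sorted(out)


if __name__ == "__main__":
    result = triage()
    for key, value in result.items():
        print(f"{key}: {value}")
    print("iocs:", iocs(result))
```

On the rows above this yields two sample-attributable contacts (coinhive.com via 172.67.165.117:443, pigcentre.com via 185.68.16.20:80), an empty dns-only list (every looked-up sample domain was also connected to), three background domains, and one reverse lookup (20.16.68.185.in-addr.arpa) that points back at the pigcentre.com host. The DNS queries for a sample domain are still worth keeping in the IOC set: on a network that sinkholes or blocks the HTTP connection, the resolver query is the only trace that survives.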
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b4a74bc775caf3de7fc9cde3c30ce482 |
| SHA1 | c6ed3161390e5493f71182a6cb98d51c9063775d |
| SHA256 | dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280 |
| SHA512 | 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f |
\??\pipe\LOCAL\crashpad_4624_SEOBVLVSZWFYMPLG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c5abc082d9d9307e797b7e89a2f755f4 |
| SHA1 | 54c442690a8727f1d3453b6452198d3ec4ec13df |
| SHA256 | a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716 |
| SHA512 | ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e60fbb14d4832ee9ca1475df0cbe8f58 |
| SHA1 | ec3e90f905691ffee9a4d3aa1f29d6998a180df3 |
| SHA256 | a0de082432a9a735f5a300848891866ab104109262ff879b28ea4211ba0d253a |
| SHA512 | a4ec432a019842dadb8321ffd413f8b1d8ae234e1ff8ec3b53b4c8e2ead6142bdd624a33b3f6d2a4795370dc151c22b2c48de2e6d86d29763413927eaddeb32a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | acf785120b5cd8543248eb4f1a5f313e |
| SHA1 | 580cef220905d26693667f2f2fe4ed6429298b0a |
| SHA256 | 14c9b1da769a8bd14809a52d12998ece0eba20919636a98b294316fa2d910fd2 |
| SHA512 | ce21052c4a37e16303410f09f56c9b0499dfdab544b03fe3207acd9f033cbd2939895634f1c50cb2928d9e79286f8d2f75c9fdf9bb91b4f5502af6b139683bff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 119cca390b03428b2a2bfe3e318e1421 |
| SHA1 | 5ef8e619938b4ab76dd789f9e93eaacb409819f6 |
| SHA256 | 1a23dba0381d77315bbdcfc54e848f64e59ddda2ce4209d0dc22c799f4ab2abd |
| SHA512 | a961c6fa563bac32a101e371989b13e559fc61ff6dd903f1b2023fd51b4c35d2418226de72b6ca3c3a94e7dea195808b4dcdde072c0dda79df294108292e3a81 |