Analysis Overview
SHA256
a0a6d6fbd373e86e37586711d38283ec9a52b482633658612b8791a0a6d8dd66
Threat Level: No (potentially) malicious behavior was detected
The file a5bc63c636a0074984e816564bf93cc5_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:16
Reported
2024-06-13 13:19
Platform
win7-20240221-en
Max time kernel
143s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10087b0c94bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e6a4439f6b5b447beab7fa69c33011700000000020000000000106600000001000020000000c0a3260450a9677f8fa7d9f78533e2457ae517702c34b86ff3160d702b0945ab000000000e800000000200002000000074cbc95ff522a737ba1d5b05c01b04895fd8b60ea16e876d4e92fc89f8e3f0a62000000057c1fc17629700acebc5e5f0a78b45281bb259589766c39f31c14f285088367c40000000c7fb7e32c330a189e7f40ae3722342a48d9da07826f4dc64a8ba953872cf234989ee02381fb807b961ff23a5120ceabf054d5ea810fe781ef735da91591df813 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{37B38B61-2987-11EF-93CC-729E5AF85804} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424446488" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1632 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1632 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1632 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1632 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5bc63c636a0074984e816564bf93cc5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1632 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | greenearthterrarium.com | udp |
| US | 8.8.8.8:53 | savvyweb.s3.amazonaws.com | udp |
| US | 3.5.17.167:80 | savvyweb.s3.amazonaws.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 3.5.17.167:80 | savvyweb.s3.amazonaws.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.savvy-data.us | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:16
Reported
2024-06-13 13:19
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
142s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5bc63c636a0074984e816564bf93cc5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa00d46f8,0x7ffaa00d4708,0x7ffaa00d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13991746818121014857,5524363837581788458,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13991746818121014857,5524363837581788458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,13991746818121014857,5524363837581788458,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13991746818121014857,5524363837581788458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13991746818121014857,5524363837581788458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13991746818121014857,5524363837581788458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13991746818121014857,5524363837581788458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13991746818121014857,5524363837581788458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13991746818121014857,5524363837581788458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13991746818121014857,5524363837581788458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13991746818121014857,5524363837581788458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13991746818121014857,5524363837581788458,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5404 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | greenearthterrarium.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | greenearthterrarium.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | savvyweb.s3.amazonaws.com | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 52.216.43.209:80 | savvyweb.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | www.savvy-data.us | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.43.216.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 88.221.83.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.17.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 185.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
Files