Analysis Overview
SHA256
018146af06ac65b9578e2d216808c2ddc4a040434fb6c5f915c402b144d1a39d
Threat Level: No (potentially) malicious behavior was detected
The file a5cd85fe8aad9766fb5990bb71feae64_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:32
Reported
2024-06-13 13:34
Platform
win7-20240611-en
Max time kernel
142s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447414" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000011e51e58ec71f8057de10b6496cad2c0598e851d0c60b466c9a420b81400e271000000000e8000000002000020000000e2d41af3d55cc2e62ee8c701c09ff8a3176ae65699b3b598bd23d59f3ff3d24690000000ad0a56ffcde535d182d6a966378346a68f8b20e41f36fcc33f998e4d06689cb360883e7ccd71305796c6d65f773a8742b2d1d3a5f8af74170e72581eec20f3d64c2f66c4fee1cbb7fb9d851326bedf06d2b98eedbd668e63ab827462b8eb53ad59cb5ef7b01b9b22d450909376ac56a7e4ea994317908f1ca60f517b20a431f7cd63794e78cb7ac6681869d340baca4e400000000b8debd6ffa4dd5aa90c4124c45a2b09a569b48e3f25c1235d353e3401c1a5b7734ee6deddb7ab2fc7f7fe5d2c00e7c7967cd8ce43ed70356fc06e381befb206 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000005b8f15dafe45a87b5f356e191558a70ae307a67de8df2d2be89b91c0afec887c000000000e80000000020000200000007e0a6f74ee47ace58573910907caf681b25ecdbe49c80279e247402cc4341a0620000000dcbf63610c1a95e225e1c7f63968341df36b3277d2e9e433632bbbe089e4a236400000005b282a0ba13322cf1f6f0b07bc306d58c7083de2ade1e4b857b1b6cd4a00709e7ba75ae51a7de0e867f2af08ff16923ee501d9f69216abae385c1930e5f1b6f5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F8A53B1-2989-11EF-AAC6-46C1B5BE3FA8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2051de3496bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3020 wrote to memory of 1460 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 1460 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 1460 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 1460 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cd85fe8aad9766fb5990bb71feae64_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | d258j801nsw1p7.cloudfront.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | malwareytes.org | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| DE | 185.53.177.52:80 | malwareytes.org | tcp |
| DE | 185.53.177.52:80 | malwareytes.org | tcp |
| US | 8.8.8.8:53 | d3sxcf6d4hxjd9.cloudfront.net | udp |
| US | 8.8.8.8:53 | d3ujb2t8x8alxd.cloudfront.net | udp |
| US | 8.8.8.8:53 | d2bfa0zlmvk3fe.cloudfront.net | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab766A.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar7748.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3437faf09751980e1f483121117be4b8 |
| SHA1 | 1b7a92108576f5a8322a4f3c5195df1f6a6d0399 |
| SHA256 | cc24b63e36929669211139d0dd16574edcd4fa23f51eb767b089b37c0c68d516 |
| SHA512 | fd358e21d4f9dbfa855197279577645ccb4ae10567f806fa8e503b583d8b46b6d05c66c42601691a61daab37548b0d5a931bbe268783b3898e672e62c4c132db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1095db85d9d8dd66a302a8919fae9722 |
| SHA1 | 3993386b2ba862e30968360284c6bc689d5d9231 |
| SHA256 | 6ecefc609eb257335c74e1d1200fc2d02fa15bdd61eee6dabe601b52e798de2b |
| SHA512 | 9d02e4283319d994084538a0658400ecaac89f64493d9c446ae96975b2123586ab1b4c08854cff4959c95c5a78c5158459cb8cd19c79370546bbcd7a1df68ec4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3073c5da5f2a469fa404322d0fa067ff |
| SHA1 | 3e0b9f5e8b4704fbb0aff6ebbcffff3e95f48797 |
| SHA256 | 30a3e7e92cde8b059b8e2a10e9b0c417119e76e875c182918c3900c7d45c30e3 |
| SHA512 | 843bdd833a72a21bce7dd457f4c0a87a45061691929752598c5917d87665cd078323ca449e218853f7178da8bb52a5e995d2d060fff833b320661425f34eaddd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb2060f142b008f124d51d9679a54dcf |
| SHA1 | 8e54c97c5f0f176bb19fbc89e8d814b2eb3c9b99 |
| SHA256 | 9a78b73aa632c0c4bb26b97a146f0fa03e492a1057f22427a8483c156cc9e03e |
| SHA512 | add59c4557800f26ad7dd0434798393a11423841c074287e41d0ac5e0893d8366a9eb99580dca7168e7e9e96fd40378a265de0edb4d65b4e78b9ca76154b04b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adf28174656e2d15584959791c7eeb07 |
| SHA1 | 485da2b2c4baee0bc777c26aabe3c0965949ff0b |
| SHA256 | 59eef48b496957519a8cd45faf3018d7c7f5658651dae437ed7efb4ed913db95 |
| SHA512 | b45ca0aaa8639716f7e70b5d2b247388f69dec2f66e322cd86d21047fd393a9d56bb86bfe90b7bed7d7c3e3ce54739d1340debc60e19fb05712c85b383ac521b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80302ef51163207bb54d58338bcdf0c8 |
| SHA1 | b2f0c7d1ec49899b99bf3bb3423227a02c1006c3 |
| SHA256 | 138d43989d061fa48aa46eda8f8515700db4c8757336b18e8791866b0035f327 |
| SHA512 | f869f6190f7956c57b57094176a9c1dd580e56f9f477522f618e8def6a93b815b7c20e730b1f0c1e21ecd4cdfaec513c2fadb131dd9488211e08161ec75fe9ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e7314697acc0eb275ee50b6208dac7b |
| SHA1 | a0fbb40f77079b8676f8de5a48930b40866c18b0 |
| SHA256 | 832c40d8451d7cfd67f3ac8601e0231542c055092be91fd1914621a8421c6370 |
| SHA512 | 59b934d5aa020ebb1e1b68fbf0a1daac9d6d12535da23c02066442fccf7deb94b77ad537e386a4495bbf7f7d79d248f0b7eeeb39c1a403434aa77c29c20933b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09e6bcac8c600723f9b7fd6bc860949e |
| SHA1 | c1eacac3073fe2bfb3c1a4edd59245f523dfb380 |
| SHA256 | b50616c72c94c13e433fd9a895fcdf236323ff3519cae0141f18c5c846779e11 |
| SHA512 | 1a62509aa724f0c438e7019e30650d9740d96c8bd5cf4f43768350bacdf5c868d25e50366fc0f39db7aa050cd19012db06ab826de3c8ccba1a680e625248a81b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 945feecdead2bb93b5bbcaefad9e88ce |
| SHA1 | 77f687c29ad41cb04628af297dc080096ca87538 |
| SHA256 | 63a9aba6f50e19f9f85f95deb28355267e86a0a95e0ea194fb48149577b3428f |
| SHA512 | 4d0c809623fc5e171f259266247531cd2eacded5c609561d154b86cb49b7bfc86cfa09ce91844ac241d7508a2d9e382f50cd141f055a00a73525a3b1998e8fe6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4ae36fc0b576b32b8807d15531e2d46 |
| SHA1 | 36d11b767f38aaedff46f9100a4ffb790d8559d5 |
| SHA256 | ee4c9eeb70a5eb85d93a678dc9cc673313b17b3fc98ad1d41e9b9c66aff5c00b |
| SHA512 | 82d96446f994c44382453b2f22f0f0d2d4848cd9aaeccb6b15cb71c51ab339656f74665ba6e7490161764aa1fcd8d997e52b9f1fe9836efe19e7d38259a3e565 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a79d40022f31b0af5fae03deed6f6084 |
| SHA1 | 5ff9aa135893bbc1aa126ee444e6a59ab522a547 |
| SHA256 | eca2e881a3b9f155ba5ad7f91f426276c4cdad4c855ef975d29a6bd65ca0c1ea |
| SHA512 | ef04d3335323b2f29ed2fe20ea69396def30d875add1a84653058161edd93ecb0b84b4329496290d8103a6ac60645d8633d44d6c849f3d8bfc6320984f8afb33 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf5ea9aa4b809e493bf0aa634799f4f6 |
| SHA1 | 7468d70dcb0c3a27a7237af35e6318cb8ac33fee |
| SHA256 | e487454760a5b0ad4393d255afed120f66118128ff0913d101cafe5264e56114 |
| SHA512 | b7a2c4c8ae47e1d37c8c0fae2cd58798c1ebfa39d5c33c19b721bd8cb151300d1e492a32dcd87afc74af40639ad92ad7328753de9ff74d39675c84a9c0baf11a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44ecc220806b5d2dd5c254e5347df51f |
| SHA1 | ca6c0e6ad0034172102cb3edf4164900a7e6d35d |
| SHA256 | 880f8f0fb063f2137ad5084cac10fbf84b917981309dc2bf581976a0b2da87c6 |
| SHA512 | a117ebe2cef4fc168647d54b537720d5503200a4d8aa94080b2351e1a342f8375155067caefabe79cdaf1610373ce7b733e3e1d7a453971542f91821665487e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2b8a865cf7b01678b589e6fcba77f91 |
| SHA1 | 91beb90c1b940e68728c24e0fd74ed510c51deee |
| SHA256 | a2aadb9929911e537f415ae7e32ca04eeaa93a3b092b0d2e9f298a6413a17810 |
| SHA512 | 37dc1c343d52e65b3e77f7b011fb20c2fb5a18bb7fba470b9f3ebab70798123f532a2227f41179ed61f23f292f8b432a348591042b567be48a35ebcf3ca0bd3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3035c1f5f23591104b1f00baabf0101 |
| SHA1 | c3034a048dd879413d0c865f0f084debd92fbf05 |
| SHA256 | f2fddb69d527c945747bbe9363c4201e6235b08f16719e77d2e84f15f407c94b |
| SHA512 | ff0f095d58f14c9638395c077db976576ad8a7d4913cae7a784f4af1d954695478d9f62ee1a639599b878d9a30a9b03c4f7b927816acc87d7aa657de1e55c9ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8c5a5fc4fc1e2067d91eabc4c9329f7 |
| SHA1 | 700b44a15805b876ded981232e9c46a7081925bc |
| SHA256 | b9f3c08538603607725991f7794f47994ba195107d6aa0eab882cb5430ab6a1b |
| SHA512 | d508072f3896c38db4f1a3dac30b617a77a7b398ff02c68e9053229628257266e10777f7d958562dcbfd0549a130c5a038c23100d0aee002e2882388ac4077d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d27adc87de382cd988db8759451015c9 |
| SHA1 | 09d19f422d3e2ff7ce1a2f766e1863712288cafd |
| SHA256 | 976b34ff61df263fdf30391a7e99f061cd08778c87955b116cd7aac1b70802dc |
| SHA512 | 2a2f4f437a9327807b4d4f200b00b433341b7481ad690af7f81c60005385b8b9ee0b6eee1ccf81aff3e101d4971f0ad52ca831dc17d680ed702abb4b75a268b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a353fe8b333a46bdc3bd21da05380302 |
| SHA1 | 892b3c1f963d0db83299ee99b398721baaec0e8f |
| SHA256 | c170e09de21a000accd6cfe7033549caed023de759a9fcc82569fdefd99e4d9d |
| SHA512 | 2b2a7e5c2e2b75b23369be31fc1aad0ab9de59a39f2b5f483e886a9e468389f481e3f2ea71c7a438ff0cc8da1868bd139141f3d2aa5239af1a916b7206d4f24f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64ee498a05732580ac8073f9dbc568dd |
| SHA1 | 61f763ced9bea88ee677f8bb126769a11a611685 |
| SHA256 | 8726d254feb1aac05cc633dd2ca766d364b0fbc1ed2edc604fa04af55b7569ce |
| SHA512 | 7a5e29adfb30b056e9a91ddb3551024885ed9ef27919ff3196f4982a35e8e40d36508dc67c54b2e479797959e920dea9d7bf7d455b71dfa4409fdc84fa1f6fdd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4427abcf3a8298c69af474488f304d9 |
| SHA1 | 7428c9eafcba02b81fe69337be16693cc000dea0 |
| SHA256 | 23094a687eb05d6cab95ee67e29cf3d7f1bd616d6aac08b331de2f06b53837ad |
| SHA512 | 259b3968c05dbaa55dddd3e82a6fc72fd101185b75402dd855f87809725a5ea3efbc1783a5fc4f92635def28d26a8ea968b23f4c982c94b77d1e67e8e63c4072 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6931bee929282e7f8a7ef2a7340b6e1e |
| SHA1 | 0a21579fd976afc1d2a9ef561a944db399095321 |
| SHA256 | dcd0390d7b37cb88bcf2e7139c57c1d46be29b203779239da927c87b371e4365 |
| SHA512 | 023bdcfc29c5222b8f1e7e4ea67cc9fa7839f94dd5f5e9475b96a66bc680fb8fd9b54359810be897e6b5b1ae212894f96542ccaaa14d96c7dd29301b62c22072 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:32
Reported
2024-06-13 13:35
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
156s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5cd85fe8aad9766fb5990bb71feae64_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba3b46f8,0x7ffeba3b4708,0x7ffeba3b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,11784275876885932173,17909149317780220037,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,11784275876885932173,17909149317780220037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,11784275876885932173,17909149317780220037,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11784275876885932173,17909149317780220037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11784275876885932173,17909149317780220037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,11784275876885932173,17909149317780220037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,11784275876885932173,17909149317780220037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11784275876885932173,17909149317780220037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11784275876885932173,17909149317780220037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11784275876885932173,17909149317780220037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11784275876885932173,17909149317780220037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,11784275876885932173,17909149317780220037,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | malwareytes.org | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | d258j801nsw1p7.cloudfront.net | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| DE | 185.53.177.52:80 | malwareytes.org | tcp |
| DE | 185.53.177.52:80 | malwareytes.org | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| DE | 185.53.177.52:80 | malwareytes.org | tcp |
| US | 8.8.8.8:53 | d3sxcf6d4hxjd9.cloudfront.net | udp |
| US | 8.8.8.8:53 | d2bfa0zlmvk3fe.cloudfront.net | udp |
| US | 8.8.8.8:53 | d3ujb2t8x8alxd.cloudfront.net | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.177.53.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.125.209.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_3700_TVDEQDQLZMSZFLDE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 68dabf24f73f9bab4fb228333969cd74 |
| SHA1 | 738362366df4d9a46605fd0af0464b3c1b3f7774 |
| SHA256 | a7528e06ec36a4380dda3a02c15b6fb3ea6df277c6ffdae24edc4ea2c184eaa3 |
| SHA512 | 2aa7640b78de6f1050cca64e6067b581aa74d212f0d704868937e1e8875f25390999f1b2eabdcbdf80ad0363449cd4be15176cdb8f6aa9816a826ad9acb8e912 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fbbefb7ebafef4345a63ea50a2252b42 |
| SHA1 | f2ec4f7f9de2e512e6e881a458959ecf453d3b1a |
| SHA256 | 653c804c62cc41c011a67b5a04e2a6f1066f27f36a4f170b40844350e00a2c66 |
| SHA512 | 7913b16cb7f9fe9e67569b21d2a310ef9716a82708dbc665434654b85987b6fa2f0b39847b56705e517d4b359bf61fd2284f942c670dd8ddec6971c912907c7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4688e410b05b6e4345ae27bd4e2f9641 |
| SHA1 | 9cc96bd6dbfb8bca8b5d6ba624a12bf60fab7246 |
| SHA256 | 3852b19e5aa3aac26e205b13652c09a69f9e8dff77cc373ea19c280efe9be1e8 |
| SHA512 | 7304b0082ab0517008fdef2319ba85601e95c9b5e5bf16c462833dd1c280ab88cb2669a57c0a1986fbb6447a6e155172a67aa81e892520ffd5cf9406a831d2ed |