Analysis Overview
SHA256
c68e09cb6022ee476c0cf166e5f04a2777f57523281072f144bcbbef0d705280
Threat Level: No (potentially) malicious behavior was detected
The file a5cff44d0b02ae4111b7e03314d55420_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:34
Reported
2024-06-13 13:37
Platform
win7-20240611-en
Max time kernel
120s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000008f94593e431584b6fedf371c760ccf0dac4314a5feae2bcf8459c7531bc75a81000000000e80000000020000200000007b1bf4a5b899339b6fcc39b47dc1b882240690d9c751177c2dd7ee5d3a0ca229200000009ec18ecd68805d5b09ce56472cf5de91cdf07c98148a04e6997ea0fa9a5dc00140000000e4f803257c4dd4b926f552c3061556c0be5aa89d0f72ccb8fafdaf136f47d3b63a5120eab08cfabc44d1b8ef70b9dced2cf53c1ad1fa2befacfdef43721a74fb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000a4f552e054f4329fe050681ff9b3921a4b98ba3ab1651fae8dd8a1f9d11d5fac000000000e8000000002000020000000fe76929ad450ab2882f6f136f9076164212f51f696b81c996c36c33a356ea5bf9000000005800c0f99cff1fed649cc5339f0534bfc885eb4c89f6a815b25739f4cf2ee281e8657e00865248316c80a0447638eb81dd39a2457cd570609a07a3295f4580da5b4bcf5379fffdbd863f05cf0ddfa1e3bfdec507e52b6348d9d8e9043e1463569d9f8e16bae92dabdc77592af4d1fbdbf68ec8ad02cf7a25f25404e822e656f8eef95b4f7836abe15fb1510ea0d9c4d40000000da9c19b926797328510947de931464c8a12faa89cb524d01e05257745b0274ef5468d474b5cf72cb76b9555a2f4a96d0093cbbb0dd3b3ba03b997761212949b9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447558" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B4B1D391-2989-11EF-917B-C299D158824A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0ac558c96bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2916 wrote to memory of 2216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2916 wrote to memory of 2216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2916 wrote to memory of 2216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2916 wrote to memory of 2216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cff44d0b02ae4111b7e03314d55420_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ww1.zonedg.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabCB2C.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarCBCD.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 470bff2717ddf4d5f3ebf00cd40ab2f0 |
| SHA1 | 7f3062134379be6ee10aa0ce7156d73cb128c98c |
| SHA256 | b27821d2a87223427a1880c1827e4a910143cc932db03d62ace0ec1983d9e52f |
| SHA512 | 7baceb1188c92cae71c7b3f02daed2716076fef3aa58f0cb5dffd2d17403d4994f12587fe1ccb36020cf1b0844106d2eccc1f6660f59058880b5025f5b2af576 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f86e9ba5cc3ebadef00b0fc972ea75b1 |
| SHA1 | dbafc90c936daf04d0e6d49121489415779c802a |
| SHA256 | c16dde34dd0d7256e668b70bb373b0d0dff348f97f31f3069ec327dd6472fbb9 |
| SHA512 | 1832e8300c8c3652547bbcc5dcc31a3e9bf17eac6abd314fe8ed342579b6d6028c86e5e9d0f07c0d72bcd89df4c81b2d9252ac54a4ac3cb42bfea12fa6a51d98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f70ccefeb3cb5ce25ba224b64ef797c |
| SHA1 | d1d9fdb1e61d7ec80e5cdb4330a674b92494d8d5 |
| SHA256 | ca04a397c6a7e550a6892db21f0e39033b60158ab9096ee041bfdd5635ceaeb0 |
| SHA512 | 3a00936e663357dc23e2dc1a495b2e611f32914b533e96d9858fd53ddebaeb98fb2101fade30b10e60611595386028327ad9b984ee1dc4bba6834a4cf2599037 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b449f0d683cf8485894b40fc4f485ba2 |
| SHA1 | 7c15ec83dc3f68151b9b47f337dd7ba26e3c2124 |
| SHA256 | 0034c1cbef61daef2531de3088e043e877abd75259939f9cbde19170b2adac30 |
| SHA512 | 70c87bd54710f1e174ffee05f421245e012e8a31b47cbee631fc8c6a3387af75050166941b0585168ce84c9e0831303d8013e2936279cfdf187ec3454990fdcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f1cc644a6909bab1bacd0cae5ed5eb1 |
| SHA1 | dee295105028375d375a6eec11a163db7e4f2e7d |
| SHA256 | 8491813f95e9b07abc65ae58afe308ec417a6d1abf1a076edc0a8aad9eff3b95 |
| SHA512 | 33e5007a3f5a21e4a37707d3bd3e90da1dae1827cc6e3058ab705fc741cee83530ce29115b0cf1b40a762d109d063da9fee6cfd50ad440c51ed0641383434f6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9ba4d393fa0706dda2e29f8efafebaf |
| SHA1 | f060b61cf65ad0b6de0d519301718d68ba5ee14d |
| SHA256 | fa50e6873c94f818a89a81a66292e66f55d6068fe0252b66b0c83beda5dff8e0 |
| SHA512 | 5090ee4daa740e10b5177cdd143a5493332a9c1bcf77dfebd81006a60c0d1125d46e7c7efaae200281ef417dbe6645b8b5b9f89228ff6ca4e7824c4571bf7e9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b729df847af5d25a8f1dc8cffa5a37e |
| SHA1 | ae26edeacee2a2fb89525967bc6aa9d85ad894fb |
| SHA256 | e9708e07f8eb18585757703d8fd09eca67332c5d0dd1f58f1763b865142bbb03 |
| SHA512 | 38cc23e0104309b00bad91c839b3f97beaad9cccdabd1240d1d7cbacaf46d2777c6d9696741fc88025981bb3f5800f86dc89ebbde144a676fc66531aaa7bd651 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3736e7b57a271631f380da5591db6d53 |
| SHA1 | 82def9b6a90c305b40ce7df457cca9228f154476 |
| SHA256 | 7bc1ea88dd84b3fb1bc8b7c585eeb1bc546fe19d72b7a0c4c5f12abd4a76d264 |
| SHA512 | fd9f19f95d50715b16200a983ed55db0b1aee5bb3e2e5be4fe9490f10a34f6a50d24d4c263e593c5c84976032ee875856bbb823d225cb5a34fc908807196c0be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fc57d66ba2d3f74abca4e19020e73cd |
| SHA1 | 02e55f66765ae56956f888d4d2b0183b32743960 |
| SHA256 | 6ad97205a5d74adc82fef9e173ea2886252c69d8e622749a95648a68c5aaa722 |
| SHA512 | a25cec602ff6912d83496961f109e25c7a65498fb4aebeae51a38e40f5bc9a10b77e2c08b1ac6c5ca61e0700f02f66763a167b4caef84aa564ab05749bca3477 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5125f0d98dec6f21ade5688427275894 |
| SHA1 | 134229839b2e0b54782c0aa2a720a3ad070df02f |
| SHA256 | 536beeb10d0f9dab7afc6f1a53716d59ea0748fd867f46d08e6ba426d0c61032 |
| SHA512 | 093ac9b97a6d1e4e67b533355494e2658614768da7d73fcf1c90491cb9b7aab1bdc003cf9e149e19737e8aa027b1979ea47382347d938ec3ed5cc4e69a944fe5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac26a32467ee185f331a10f7a78ad2f4 |
| SHA1 | 98c164597965dc44823934f89e6719996421651f |
| SHA256 | 461c2a799c4353e6786d9d74644bec32b29ae9f92c2f08310158d3235f699cae |
| SHA512 | e4101098f9bead93d67ef7e97d2e8ce443f9fec9236ac5857519be9c43df9fabb36d4aaf17b0b2bf4c32009937ef2377c85f7cec9e3f12189dc24fbe5b11b474 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 491f486cff6dc5f6de0259e0759e4356 |
| SHA1 | eb584eb5b493f58ec669805bcc4041ad59b5067f |
| SHA256 | e84e6a36f35f8eb78d3314da41584ec7831149fec97c8c0ab4bf84782cf59038 |
| SHA512 | a9f3d1cbbbf78d6b0e534814239f738c3d7d1747899ec36fdbf366a6f2fb19278e19d88cc118373edb39413a1d3a2c8088e9c16e37d863d0f7198240f2f0e86b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba16bcf32f0e9f7b986c8c475d5e81c1 |
| SHA1 | 25fb87fa210ef11e29b7155440979d8439bceb88 |
| SHA256 | 287a50f586a07d6cbaba43e701e25f22c1a1dbcbb85bfbb5597efa31ec631073 |
| SHA512 | 7c8b03d1ee88267a4b76b527bb7250fdc02a80d2b97df1aeb393e54bb92a7ebcd9c27dc95813e0ec4d488b9cf6fc6548fa89b5d56bf50f0f710b43eb451ac785 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67ae74a1dce6f5435faad0c9203bcbfd |
| SHA1 | 777ed26243d675aad1f993089e4f0ed3406dc735 |
| SHA256 | 4c0566adb0c657a77cc456a1866e5af403cceee3d697cf8df817182414738807 |
| SHA512 | 92dff21828da5d520b75ce451f48bf6f1d5d2d9040d6978951611b968e0af5285be7661925d88a744ccefe05155f1d4cd5241de10fcbd783d44636bc1972e5a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be40e6e2d60024197af58c9fe96d7b20 |
| SHA1 | fb528f51bd3ea95b77f5cf8db808f0a0e807ea71 |
| SHA256 | 38a1446e4a106906958bda98608b47db4d08e52673e9197d4edf089b25161fb7 |
| SHA512 | fb8761042ef356756d6c0628f339a3182f0738611726c947e4d793eb290dd2046b837ba6bc9e075259b766d884f0cd4b1f04d7b5628dce9935a82f3f3a10ad5a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49fbe2a752a0f196003b8c8d11da7e95 |
| SHA1 | 860b49d9db6fba43f8171225970b596996f14434 |
| SHA256 | aec79d144bf8fd654a3e6c4678a97c1c9b86390b6dd284ba6e252b1863b7d4ec |
| SHA512 | feb15ccd60bffb976a40af331db00c86d80fa74cf4cab157844d746589b3e3741ace65117840ccc093ce3e53992200235766fefaf7606833bd61595febdc9a5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8eb20d6bee7c29840332bd9ad5c5ff2a |
| SHA1 | 0b4dc41da2fea6baa356c491d7f9d705df652d49 |
| SHA256 | 0086d235295ad77b475dabc9d8c09da803582aca4609e174dcdfeeb63f151099 |
| SHA512 | 20f4db0abd22dad6be408f36e3bf5bc1b43aee257583ee0dae92bb931b28d399cb49ac5fe5d77582b9a478e4f79d28521c2b98a8f974b3e633c3f25fbad36cc8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:34
Reported
2024-06-13 13:37
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5cff44d0b02ae4111b7e03314d55420_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdab2946f8,0x7ffdab294708,0x7ffdab294718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,14901356282767113558,958756202401627777,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,14901356282767113558,958756202401627777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,14901356282767113558,958756202401627777,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14901356282767113558,958756202401627777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14901356282767113558,958756202401627777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14901356282767113558,958756202401627777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,14901356282767113558,958756202401627777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,14901356282767113558,958756202401627777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14901356282767113558,958756202401627777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14901356282767113558,958756202401627777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14901356282767113558,958756202401627777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14901356282767113558,958756202401627777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,14901356282767113558,958756202401627777,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5140 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ww1.zonedg.com | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_836_NRHYFJAYKDSDBVPQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9347fc3c19bb1108a61160354d026e6d |
| SHA1 | 0ca947df73ea9f3c6a4c3cb6f47be7a7b4b321d4 |
| SHA256 | c2d20e961c82cf0370b3d0dc610b62a4635d8a08855a6dc8db54fcf5467ced8d |
| SHA512 | 0b07347afcf48b0b32780b22aa783b9b6e95d4e67ad5d302c58549c4f237bab8a6e0c5dd21d0345814b96960ee0fceeddbe7a3d85f6397a7495c5029e1d8b281 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 00b253356ddb0d9987cd60bdad224bc7 |
| SHA1 | 2f88a40dc2164c482e8f5274acfe58c1c3e8b7b4 |
| SHA256 | 8bc8b5be016277b4d4f58110f7c74e223fe44a61955068314dda8e3ae0b0e87c |
| SHA512 | 28884c83ff5093f82ce10cee9a12a2cd447bc484893f1d8fa9b2713cf2d68df8e9bd828f90a35ffe999cefb3f733a6b0cc1fe906bef4095ed636b167a9943eaf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 040218c2546f4f4045e32f5de11c5332 |
| SHA1 | 3e1f3ec4971ddf3088cb7416718d5d0ee4bfc90b |
| SHA256 | 8d64ad0e9207470c67b1a331b3f686b32813d025b832a8797b18b5bfeb5f94e0 |
| SHA512 | 13631f038a27051ea97f10c3a9746d0afd9b76d5ea2fa013658c174230a35fe5d898d3f5fac6b7fc867719212306d09bb15e201e9fba50ca9a534af05f0c81c7 |