Analysis Overview
SHA256
268ee78fc524328c617ae0cffda1b0691d36e2112730fb8a3af98ad1bbee54bb
Threat Level: No (potentially) malicious behavior was detected
The file a5ed90d36b6f5bff81aa4aab4c8bbbcb_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:03
Reported
2024-06-13 14:06
Platform
win7-20240221-en
Max time kernel
119s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C759CF31-298D-11EF-9CEF-E299A69EE862} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002db7666c57fc2344b32de5d094152ef6000000000200000000001066000000010000200000009a969dfc9f2d76b7c2ce7bc9d7dfff59e2adc9aa660f7e4b751f1ff100374f76000000000e8000000002000020000000196fe3b72152acfcf435f3c0c4d89f2fa0cb01785ebfb6c812a5e157659d003690000000a9853c101dfe12abb908571fcf34d4f91e5ff7067c8c7181618eae33eed773a9b9cf54dfebe6b19ec4aca48bdb24eeb22e42ebe54ab4dd46f8b45e20b3e9d7021f829b92b823883edd07d7f6655220851a8a775d51bc0e2faac9ebdc13011a65920283c7220dc0a0b1abd81e6971cabebc64e85231616e2560571454c8ca5038b7ce17dd5e2e3acd7e8e3659c1bc438f40000000a497040cf87e11582e1d5dc975d055f19263ce0eb8aed00c399099d708172012c30b0c7b5a99d44f7fed0f029e8d1e0134211426559b0f0e7981b72a9443e8d3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0050da9b9abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449306" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002db7666c57fc2344b32de5d094152ef600000000020000000000106600000001000020000000a8fbd60e02b00986855852ce1d26a6330eb7bf25cbb24cc26dcb4e501d7ebd81000000000e80000000020000200000004e9865fd2929bdd0d7a408dbb02d4b64daaa60b82480159dc03856eae25353bd20000000cf54430c2f31e0ab868e9c30389c389d8e8da1e2fd49928ac8f85e7e9f97c483400000006913810adf7ad06c1eef405fa8689334af94c7977cc7a152588ce98677b5ae52bc6cb0c9eabfd2a361da6e3cb6ef5ba4f185f740f8710dfce2a9d51f973c54d3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1096 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1096 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1096 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1096 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5ed90d36b6f5bff81aa4aab4c8bbbcb_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab39C7.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab3AB5.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b2db5a1b11537c01c68a7c8d81222f5 |
| SHA1 | 796c98a56478bf5c0daad44faae53b3c53e6999b |
| SHA256 | a7da4a945b679b9c5fa24423a34d004137300136dac9cfda8c42c194e1670f85 |
| SHA512 | f3990f6d96ed284b270cc52baac82fd6f240c585e8ae65fd143fc082c42ed207650309503235bad6e773da42591f727e52db1e2bbe4598fad67491aa013c5806 |
C:\Users\Admin\AppData\Local\Temp\Tar3AEA.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9dd142845eeb7ef46f6b7184def24d1e |
| SHA1 | 1ed5a23f0c8228f40df1984ac98af482c58cf6fa |
| SHA256 | 1e0997a69205cf549150bad8d0ba93defde39dc5ff466027ae914c3a3a7ce09e |
| SHA512 | f2b7dced25fd47f1c60da497084280f4af70a27716ba278f755b2c92bb69824d35318e0071986c43dcf95ffe6fe0ef43bade5643d95f501721df2988f903de0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bfaf5cc0c63c3b8c1d94277dcb0971e |
| SHA1 | 3a68b22f6cd25aeb2a00bd516ac0bb040b398611 |
| SHA256 | fe175f10a6e606dd10b5bf8f38c0c10620d27bce75c5c86ebd1f18cf406bde9f |
| SHA512 | de7e683f2def42ebc5a6fa2586456461d888679ab163fbdb4436161cc6479aa4ed397a1e4541f05c95a0ca67ca9d342af9f2207851b1643a83b97a25a3edf1be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ce72eeae33dd0da967c60a7de1870ad |
| SHA1 | 2f1b42fc9418f44dd5d91d8030b48f3c31d0e689 |
| SHA256 | a39dea3f4003a905a4030e93d51d98b817c8e26769cb2cf47ab9ec2f6310a657 |
| SHA512 | b4ae1ed4ae3f56e8041ebed3bff936b759ae5b0e1280edd6ba1fe764877a709097f20ac0639041c8b79507be41f7a25566265e81311dd7b20d1f5fc0a331f214 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ddc9bff1df4101bdeae9f02d4d963e9 |
| SHA1 | 2f23df7cbe6779d9b73aa74f8d3960375291eea8 |
| SHA256 | 1b1f5639e9c1dec3ad9e623643873bb9c5bb09858aa052195b46f8e876fe4b5a |
| SHA512 | e91907a2e31a3c8afa385f7665218dc6a5893a1ad15f4fcb06992614ff3365756c23e5c3f5b3f49a865af107597945614c219725881dc92fa83d549ec82c57b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21ec1672b1e19aff0f170aae81715040 |
| SHA1 | 8a108b9a47df0e156c37782fa84d383d58c1e492 |
| SHA256 | 7ef507d92fdebbaa29f04a31dac3afcdb860951ea4b20b86c0fbff27c5b0f000 |
| SHA512 | e15e461289f2f120171bd6f2d2544e8f0174d378899589f8da620d18e8a94838f0532af077d54551311dbdbe0b416e312145ece5075e692002d7b5a58cd7510f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce8215cb240135e50ed8e0519e962834 |
| SHA1 | c40f523d788535771c3f635ae81a0e614757d41f |
| SHA256 | 4772da0ff61d92abae83d69fc3165f248bcda8b2d1b88385a49b4627caae21e1 |
| SHA512 | eba3c8fc0b3101feb35d76680a0e3358dbcf99eda371777f1919707e3ed35bc1e55078b84f5922b45f747708b2ae0cf450fe12e381737a58edeb6a7af3afe3c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f23a349fdb496496b4565bd257d7e544 |
| SHA1 | fd6580afacf23eaa88a6725a279d179edce6e2db |
| SHA256 | 6bd2a562b04246dd107b51bcb93b76fcbcb89476192b1217d0cb8c5ef09e034c |
| SHA512 | 9a8366c1abf1f70c32898f24f8f18276e80b9c02a4ba58aaeeba947568286ff9fbe30195bf4c84c9097fd13f403fd8e9a5dc596b0d792bb398fa0d86881c72e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cbeb4fedc7fd7e7ee436caa8441cc535 |
| SHA1 | 4f61f258eec5899c448603deb9f28a68f93b8d4c |
| SHA256 | fb1511baae1e6cfc7026d83ce821acdd56ac10f69b3fcc21607ee19e3ba03732 |
| SHA512 | 08393ab7fee98b3ba786b050e1da05ea63ee3819b33fa3e6bde04282de098c3f26c79b351d1d048a94ced6de7a2f94bd113d30e2122e86c09aa54b50e63a8f53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b25ba22b5855a459c1b565f813220cf6 |
| SHA1 | 7fa9da2a3127f983b8f0986025ffda2f5ce341f7 |
| SHA256 | 650a4abe51c6dced1af546271696310722e99fdea33f6319a1f17cac8d3957c8 |
| SHA512 | bfe05c2ea61d47c32441602df24346c1ac6365d423e4493b41b66b1f46406a40754883ef34e3b26bf859474f2f4e5576d8528276243c83ca31feb21a593f9ef3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f0ea277540b1c49446514a073fc59a9 |
| SHA1 | c4aba934d6049b4b9d714d2ecf9b837c0f887e19 |
| SHA256 | 99ec64f8df2afe15aa59c8e25a222fa7e190072607f39696ff31951e1643b11f |
| SHA512 | 4aacf360bf0f4a2b91b51d5c5c225aba60a0497b1801d7c93c37f8ac39e42ae0e43d4f00e8bcb66875dc1958717f114bbe13b31a814d06dfc8e945013323747e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 254c56b91a9e7d87be9017e0cb9bce9f |
| SHA1 | a720d274675d29f1baff12ba309d60aaeda56b6f |
| SHA256 | cd2685d10549a8ce62b4cf9d7c1e733849dd15df64654b65ea15d585815927b6 |
| SHA512 | f71e8aa49986c5662c77777b5410a95cce14600bf125ea2053348bd593ca159bafdfd8f8b2c625d6d431ce5ec1d1256a9d2b9ae25cad75b1f822998642a62ab2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5380d0177896a0601d5cc8d62e0cf61 |
| SHA1 | 167f827260b618f4f2f6253c50c77dae9b960a94 |
| SHA256 | 763ea86eb1cc6344ed88af126a226565e2c4e47849f578ce872ce9829d9f0a1a |
| SHA512 | 8d23f72896be9b76e490a5e95dd135dcf87609c6e5dca6a14907a412041da67569705da71508891d9fa4d8f1c847b1118fee505186f08946103ce63d00d0caad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2aad41b4ba2f3b986edd47a9c62512b |
| SHA1 | 01e1cd6119ece82a6c610948b2aa0cafeb2aae39 |
| SHA256 | 41f9fbb754f35e949fb1c309ef7d0fd9a5fd570dd04eee1153575e32cae83a11 |
| SHA512 | fee9c5149d29ad2c7c48ae03b258c6bed2a05669e11011a0fa7391a3b1c2756bd6540cb10e35b7885ce5f179ce5b83c8f2bbdc1de06214322b9b5f78cf00c586 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b70e4868d6fa2341bade15dcf2d84d5d |
| SHA1 | a65549ffc4b0cbb734e9bd6469206e7eda5fed20 |
| SHA256 | 913033a3a53983e70043af428aa9f9e0ec1bb00385f766c6a2b00980116ab2e1 |
| SHA512 | 1e361a8284779a7e8560fb1549cf0c0db2562310362a6e1ddf8358abdafa0433658399bf6499aef7b2fae0636e7fea7c8731482575e45294ab130ac522193a95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 913db06732099284a59a37603a0fe07d |
| SHA1 | e9c4ecde7289c9cc1a92e0bbbf8ec73aa260c459 |
| SHA256 | 4bcf2cf53030fceb2af4b349bdf6a3b0a3e0885e84e4172e88ccac9d6258e68b |
| SHA512 | 8daf78d3c9ca24db9443f7fe4d09e2f956676934b6644a2734eae7c59ef235d95919b96bff69bdbad1fef5746a4f45882b3367d5cee53da9818f064ce460c904 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03d4dfcba2441858b71c0370f0946d62 |
| SHA1 | 7860892863a459ae8ce52f17ca9ff22b2adbe9d3 |
| SHA256 | bbabb7a788fbab71a2e6cf2662cead1e0e824a2fa7f1b4fe2cc25dfba7e161ef |
| SHA512 | 56e260cb8c53a6a8c97c1130385d388232d51f47eb7444d8a07da88d6babfb7de4457df85ff6170230ab7c55b20873eaac45a61b11236c96b07b548d0d4c4610 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8a1e7ec6d1adab1eed371e41b33f8ae |
| SHA1 | 1ec7ace61390299c7f6ed77e675446df6382d27a |
| SHA256 | 24cc2744c6a74d481bacf130e9f7ec177e828b40cba187da2b8d14d93d63f0e8 |
| SHA512 | dc821a5d46a8d40c88468391b8de642ecb8011ff188bd78880b46a9fa4b2bf24ddb57535c88139b2313de47c55e608c59eb456ffc73663ce6400c948bde1f0e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f06e75d498cef67fc02c1e1200b016fd |
| SHA1 | 5903cb8183d179b3f0685a16e54dd400d203ace5 |
| SHA256 | 4f36d13a445aa0d8a4e44b03024795cabbdaf854696e9b9a796bd7454a165155 |
| SHA512 | 68a7dc75dd6896c6b9b582591f772d9deb1f945aab465d8b53cc90aa118f2f6e527909edeb633c0613902af8000309ea806db3b02a0581b825cd295364c73a52 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:03
Reported
2024-06-13 14:06
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
154s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5ed90d36b6f5bff81aa4aab4c8bbbcb_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd092d46f8,0x7ffd092d4708,0x7ffd092d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,10005378310577292155,696406436269062729,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,10005378310577292155,696406436269062729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,10005378310577292155,696406436269062729,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10005378310577292155,696406436269062729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10005378310577292155,696406436269062729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,10005378310577292155,696406436269062729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,10005378310577292155,696406436269062729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10005378310577292155,696406436269062729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10005378310577292155,696406436269062729,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10005378310577292155,696406436269062729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10005378310577292155,696406436269062729,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,10005378310577292155,696406436269062729,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1300 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_2968_BXVKGDVLHPZDDMZO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dc934cf263b13082f48674a5090b8d96 |
| SHA1 | a05c4b97f56f8f4b1aa2cebbd4ba66411a6a1938 |
| SHA256 | 43c17db3ef74f3d110b500b9d1ee2e368fb2582001bdfb39c4fb4df587dced2f |
| SHA512 | 074b0964de7e1f0f4da44c17eb3f06b9bbe11aa8d86b4c1d5fc7b5d2c74a73c7087c0e475eb4187bce91bf7a193b4cef5ac43b8a616bdae27cd7f0cc512c386c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cb543703329fed500060ee3585482b29 |
| SHA1 | 23592f9d093696e05301b1d577cc1c4870edc466 |
| SHA256 | 459566733ab4a3b2b5e9a8a8c226e79930bb128ea69d981b2d9de7d99443132a |
| SHA512 | 3b9f6834a763589d1f7023bb52358e56281b9c7c1fb218ed1d649edefeb86fccd569022319ffb82aa13711d8f08a7a7bd9ce7019478216fc5ad5c362c5eca018 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d5a642a817c3cec0cfcb740675e8fb5d |
| SHA1 | 87f182f59ed3688126f76dfca56184878b2923ab |
| SHA256 | fa080919b0090014a91723ec204bf74adeee378a6f5a80b48b27ebf43f34f200 |
| SHA512 | f8698738c18a6feeb0dacd3bcb299271a8b89b0fd2a6b352f0e0713b362471d896b586078e65fecf38f1ecb29f829925f81be802a79642e9a6d411252e31dca0 |