Analysis Overview
SHA256
9f25f305a2074c845b452de050d48b7d83aa637dc6639e5990fc4e34252be565
Threat Level: No (potentially) malicious behavior was detected
The file a5eda4d1e6d526b2b20a1c9a13026138_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:04
Reported
2024-06-13 14:06
Platform
win7-20240611-en
Max time kernel
119s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40a1dcbc9abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449314" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000051542638d64bc41de1b16bd0f1b2e1be96dc463c0777985cc700fd8eaa0d5777000000000e80000000020000200000003bd5848eb08e15cf1e35fc745f2bc62dd5a1763ace8307f3d07f6bd6ba64d4d6900000001a21c8e8201279c0146cd7abfec82255cc3d63cd2c2c436b92464960ae33a182954a70f6bdc21187d4c673c2c8e6733386dfe7c0e8c7c387bed6a62a2d214f551e20a025d6c3d26855c73d6b348dc3111cdc45b5d31a6a9de760adb0bc9aff76aa0aaede0f5a789d314ba27af906ef3d18175214626e2b5dbfae798d38fd545da5fbd4a2651a064abf7d0d7407f1ad6b40000000d52eebae2187b114113b50278ea8de0e3f0261531f6dcfa1f4bf6a7e79c82d84e342e45f4afc56a417830ba3fc41a1940feded7351cc986d7c3d11351de67c88 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB616CF1-298D-11EF-8156-CE03E2754020} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000001de6165991db3cdcdd5d1024a9887179ec75d43998711ee15d1d6ebb31690276000000000e8000000002000020000000fcaac79103a776a31a3145b44c23e55340c25e5b0085acc31f421f23041fc9bf20000000c947566e63cac05616dce64526ef854f0e3f7afe676cbd98f3e161520ece373940000000179ec4c214103a986f557574b5b1fc1995b40cf5fd7a1da654b19161521ce89ef5604080aa4646861f555a431a2556f010efe3194a0f157fe11304d50015e20c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2188 wrote to memory of 2056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | italosearch.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 172.217.16.238:80 | apis.google.com | tcp |
| GB | 172.217.16.238:80 | apis.google.com | tcp |
| GB | 216.58.201.98:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.178.10:80 | ajax.googleapis.com | tcp |
| GB | 216.58.201.98:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.178.10:80 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | cse.google.com | udp |
| GB | 172.217.169.46:443 | cse.google.com | tcp |
| GB | 172.217.169.46:443 | cse.google.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | charlottehoej.dk | udp |
| DK | 195.242.130.60:80 | charlottehoej.dk | tcp |
| DK | 195.242.130.60:80 | charlottehoej.dk | tcp |
| US | 8.8.8.8:53 | www.adobe.com | udp |
| IE | 2.18.24.10:80 | www.adobe.com | tcp |
| IE | 2.18.24.10:80 | www.adobe.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| IE | 2.18.24.10:443 | www.adobe.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:04
Reported
2024-06-13 14:06
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb884446f8,0x7ffb88444708,0x7ffb88444718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11891569854383281424,16787882014701194878,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11891569854383281424,16787882014701194878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11891569854383281424,16787882014701194878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11891569854383281424,16787882014701194878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11891569854383281424,16787882014701194878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11891569854383281424,16787882014701194878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11891569854383281424,16787882014701194878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11891569854383281424,16787882014701194878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11891569854383281424,16787882014701194878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11891569854383281424,16787882014701194878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11891569854383281424,16787882014701194878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11891569854383281424,16787882014701194878,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | italosearch.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | italosearch.com | udp |
| US | 8.8.8.8:53 | italosearch.com | udp |
Files