Analysis Overview
SHA256
9386dfe20f50309532d7fa4e9135dd3977fd8fa239b2febf4d5fe42c0dd25018
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a5f2e91b1a1d9635f3b6b67bfa080556_JaffaCakes118.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:09
Reported
2024-06-13 14:11
Platform
win7-20240611-en
Max time kernel
135s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{809C9901-298E-11EF-9BF5-F6C75F509EE4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000bdff89598919828f52393a0ea66f424518d22b38b483755d7b2d9c1bdb04c069000000000e800000000200002000000080f2e6f6bac111843faf1271b81ec413b1921e0d3a1c01234c6ff108198c7a7e20000000d993f523cdc07861dc81fe46a904c81fcbd857395468206e8d9ab4c609e76a7340000000a1b57b75b201452c6b07b529239de307f8e35270ec83edfa68e55668fbc6dec5068255562d54ad49fc3d19ae57778dffd6bcfe440bd4900605c88c6c6f585472 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [data value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449618" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 202589569bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1968 wrote to memory of 1164 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1968 wrote to memory of 1164 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1968 wrote to memory of 1164 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1968 wrote to memory of 1164 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f2e91b1a1d9635f3b6b67bfa080556_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab800C.tmp
C:\Users\Admin\AppData\Local\Temp\Tar80AB.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:09
Reported
2024-06-13 14:11
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f2e91b1a1d9635f3b6b67bfa080556_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,5385030226291005475,9393891605674983614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,5385030226291005475,9393891605674983614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,5385030226291005475,9393891605674983614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5385030226291005475,9393891605674983614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5385030226291005475,9393891605674983614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,5385030226291005475,9393891605674983614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,5385030226291005475,9393891605674983614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5385030226291005475,9393891605674983614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5385030226291005475,9393891605674983614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5385030226291005475,9393891605674983614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5385030226291005475,9393891605674983614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,5385030226291005475,9393891605674983614,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4308 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_920_DMFKXGZRSPVSLCWR
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences