Analysis Overview
SHA256
98c58c68965911e638590d81fc2c308587dc7632e05c542b6b7deee9e3af8245
Threat Level: No (potentially) malicious behavior was detected
The file a5f44099f229bf55c5557331cf4af49f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:10
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:10
Reported
2024-06-13 14:12
Platform
win10v2004-20240611-en
Max time kernel
100s
Max time network
101s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f44099f229bf55c5557331cf4af49f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe473b46f8,0x7ffe473b4708,0x7ffe473b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1368 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1368 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1882603759685235100,5392892316101546134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.stoneshomefurnishings.com | udp |
| US | 8.8.8.8:53 | pimg.tradeindia.com | udp |
| US | 8.8.8.8:53 | loftbed.net | udp |
| US | 8.8.8.8:53 | resources.infolinks.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | img-0.fruugo.com | udp |
| US | 8.8.8.8:53 | www.furnituredepot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.agethahomedesign.com | udp |
| US | 172.66.42.247:80 | resources.infolinks.com | tcp |
| NL | 77.247.183.154:80 | www.stoneshomefurnishings.com | tcp |
| BE | 104.90.24.7:80 | pimg.tradeindia.com | tcp |
| NL | 37.48.65.136:80 | loftbed.net | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 74.208.87.215:80 | www.furnituredepot.com | tcp |
| US | 8.8.8.8:53 | homeinteriordesignthemes.com | udp |
| BE | 104.90.24.145:80 | img-0.fruugo.com | tcp |
| US | 188.114.96.2:80 | homeinteriordesignthemes.com | tcp |
| US | 8.8.8.8:53 | image.shutterstock.com | udp |
| US | 8.8.8.8:53 | www.buyfurnitureyoulove.org | udp |
| US | 8.8.8.8:53 | www.homeofficeamerica.com | udp |
| GB | 18.165.160.32:80 | image.shutterstock.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | udp |
| US | 208.91.196.152:80 | www.homeofficeamerica.com | tcp |
| US | 51.81.217.78:80 | www.buyfurnitureyoulove.org | tcp |
| GB | 142.250.180.2:445 | pagead2.googlesyndication.com | tcp |
| US | 188.114.96.2:443 | homeinteriordesignthemes.com | tcp |
| GB | 18.165.160.32:443 | image.shutterstock.com | tcp |
| US | 74.208.87.215:443 | www.furnituredepot.com | tcp |
| US | 8.8.8.8:53 | mizonpost.co.cc | udp |
| US | 51.81.217.78:80 | www.buyfurnitureyoulove.org | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | router.infolinks.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 172.66.42.247:443 | router.infolinks.com | tcp |
| KR | 175.126.123.219:80 | mizonpost.co.cc | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.42.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.183.247.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.24.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.65.48.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.24.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.87.208.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.196.91.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.217.81.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | studiolamour.com | udp |
| US | 172.67.185.2:443 | studiolamour.com | tcp |
| KR | 175.126.123.219:80 | mizonpost.co.cc | tcp |
| US | 172.67.185.2:443 | studiolamour.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| KR | 175.126.123.219:443 | mizonpost.co.cc | tcp |
| US | 8.8.8.8:53 | ww8.homeofficeamerica.com | udp |
| US | 72.14.178.174:80 | ww8.homeofficeamerica.com | tcp |
| GB | 142.250.187.194:139 | pagead2.googlesyndication.com | tcp |
| KR | 175.126.123.219:443 | mizonpost.co.cc | tcp |
| US | 72.14.178.174:80 | ww8.homeofficeamerica.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 131.253.33.237:443 | g.bing.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 219.123.126.175.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.185.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.178.14.72.in-addr.arpa | udp |
| BE | 88.221.83.201:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.33.253.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.83.221.88.in-addr.arpa | udp |
| US | 51.81.217.78:443 | www.buyfurnitureyoulove.org | tcp |
| US | 8.8.8.8:53 | cc.cc | udp |
| US | 34.222.63.225:443 | cc.cc | tcp |
| US | 34.222.63.225:443 | cc.cc | tcp |
| US | 8.8.8.8:53 | 225.63.222.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 34.222.63.225:443 | cc.cc | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.27.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pcp-img3.cc.cc | udp |
| GB | 54.230.10.39:443 | pcp-img3.cc.cc | tcp |
| US | 34.222.63.225:443 | cc.cc | tcp |
| US | 8.8.8.8:53 | pcp-img1.cc.cc | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.10.230.54.in-addr.arpa | udp |
| GB | 3.162.20.18:443 | pcp-img1.cc.cc | tcp |
| US | 8.8.8.8:53 | 18.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pcp-img2.cc.cc | udp |
| GB | 18.172.89.72:443 | pcp-img2.cc.cc | tcp |
| GB | 18.172.89.72:443 | pcp-img2.cc.cc | tcp |
| GB | 18.172.89.72:443 | pcp-img2.cc.cc | tcp |
| GB | 18.172.89.72:443 | pcp-img2.cc.cc | tcp |
| GB | 18.172.89.72:443 | pcp-img2.cc.cc | tcp |
| GB | 18.172.89.72:443 | pcp-img2.cc.cc | tcp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 8.8.8.8:53 | 72.89.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 172.217.16.225:445 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 172.217.16.225:139 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.178.9:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bestwoodenofficechair.blogspot.com | udp |
| GB | 142.250.200.1:80 | bestwoodenofficechair.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
\??\pipe\LOCAL\crashpad_3272_QMDZGIVQFDEURVVQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eda2d30de9dfb2d884cd7f4dca23b808 |
| SHA1 | cdf37c71e3668ba4c227071080c4d1b38ac2eef7 |
| SHA256 | d9b348954a0cba07a39f206c6434bfcad7234f0d738cfda39322ab031f74ec17 |
| SHA512 | 8da45851616d2822b058e4e728eceed071e0729b5b7311d482a896da2323382b9063e99216bebcf3bdd1bfcfc2cf76539553e7e836916d4369252ef5dddbe7e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0ac9c32cc9ceb2ac6ff2789f341b6c18 |
| SHA1 | 033fae86a1904e1df81001514ed2e531a654fba6 |
| SHA256 | de9da3066d8420c4eb42af48122d7f6e86fd60e608471c86b6e55822c940ea56 |
| SHA512 | b8036de58bb7829f0e6aca45116a2cc002fdb684c86d643cd845dfb2aaebf2daa4c1a671b0d27ed6872696d8d339ce20c199a20fe104e58219b4eda0760a0856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eeec32c8e84489454df5c2f3fb53e0f6 |
| SHA1 | 935e864b98fa063ed105f8fc8e84767fa0e07013 |
| SHA256 | 9c52f1f29b4797d5bb38d8319e7f7a45ddba167dcf020026dbf306a54ae8b912 |
| SHA512 | c932e90296340ef00be575a64b6220ec43eac007a1a22b73deb19e4e1d4aaff9f213af8897edcfe4ff88d383c041c8c89e492846f4148957fe96eb83a42b1383 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 145026065fcdfba4021deece7aee749d |
| SHA1 | 3d6d14d87bad3fae31b0da9648b52eb6d27027d5 |
| SHA256 | d8504264bead45bcda3ded59dc9285574d75d70a7f5c3541be8c19dfc1fe462e |
| SHA512 | 0abecce5375e35fdfb8163c8b22823932e4e6ae2fdfc1e01cd0e732d1bf606b0ac357f809d427070d720b0f57cdf513c84613d59456723da0a3f2f5c4bea1aff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2d0c0f0f5c9fc02f6854dad8bca6fc29 |
| SHA1 | 39239140a0256397dedddf4bf2f2c46d9e3be9ce |
| SHA256 | 7f78f9d97d6ae5ec04f7ca260747ac5afe6c0b85cc9fb236e92e75c60cc2cb9c |
| SHA512 | 93e895a1b1593b74d75094d0906f3cb9ed3f8e037c2a2c6cb74022899e228fd02910a7d57b8cf7f57792d418f28cecf22f82c53d15a688e70c6b9863e93900a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 35024ad955f5ad17c5b2b7e337d06d4d |
| SHA1 | bc3a3d601512c803f3adf51c23b25a72424f2520 |
| SHA256 | d9b888dd56a851744d3ddc7896b2090c5daf3b11e863c9732b8382d9cc407ec7 |
| SHA512 | 1cd7ab43e5a807ca89a0c7a74d4e9c70fe9446231ac1833c53c6256c16a51cf1d5b87087da7927a3ba476737da75bde95cb61b0b225fc87df97924f4ba5dcb64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 963885e50b0ce1cf34cac73b0480aacd |
| SHA1 | 0c0020028b84d2127f62cb1e7c14304a0a343da5 |
| SHA256 | 9e8af4f1f227c937dec871656bded1d962f17378957b15aadaf5b9c6868f1d74 |
| SHA512 | 54f0a5ccbb3aa377c0eacde8c4ff20204a34eb75c504869ddffc0ff97e39d430b71102a91e9c400e0d2c263fd66d2c539d43ea7f80afc6a6a63d394c486693e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c44b59b4-712d-48aa-9d25-27971b11fe47.tmp
| MD5 | b518e49db5463f3d029aa6e399ab390d |
| SHA1 | 1459b13867949a20e27b0505287d54ab94316148 |
| SHA256 | 5dc0553b23c1900b84433b87ec1fb12ce1cdd7749be8e9388369ad77b35a0f94 |
| SHA512 | 69c62e0f09ea99d1385c8ceef42456598ff96fe60a234af3000adb31272a0ff73c9abd6484052b2c3f973afa56e76baf677b084a5eafdd5cb7513e70cb8b0554 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:10
Reported
2024-06-13 14:12
Platform
win7-20240508-en
Max time kernel
147s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000541cac41be2a9e9156e148e96b7395fb8fcf85423df0cef1c47ca19078942f80000000000e8000000002000020000000f6d9664d4f52e555ba98856ccee96e0108ee52ca747bd3b0a0816a1cf3968f8690000000a5cf65f2dcde9309183dd6b7ddbee7052d2e86f101d66d136528d2b13840e41f0a5c5d727d78ffb059190c1327c8b59608076a3c5d7c3a82e26122d6a275efed913696a055b5d9cead4569c54a6be1d55e15f650bd018b59d96a23edd71635695d6cd7d20a52381dbc936c377001dae71c2b170d37089d7e3233252951e62a45d65acebf3c921fe977bf16afe169b88940000000e281501c6b974f4f63cb18bc109bf038fd685bea24e92cb20dc7c411b2bfd4d5264c9f22253b13cb53c42a802621909784cb9cd478ac76cbb0a814f690301019 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449709" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AA6CC2A1-298E-11EF-B390-D62CE60191A1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 701e64c39bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000008374a13cac6a2cd7633eafe9079ff7478d7e9395fa7f06f3a3036c5dac7248b4000000000e80000000020000200000004bc28d0462665c955272f97716c8ffa2ee694e2bbac615649ad28d1462ac0fc22000000014510104bb13e8ba2d9999c903fcbe76f789f140c12efe5eefd88bccbd5f2a4c400000004925964fccdedc5b2c7f487f5074a6f7c6b9a42978144cc567afdcda5b7b9924d1eb784fb5d9d8e83c6c5dcc5a0b9b46d54c006051bc802975fad293a4f81105 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3068 wrote to memory of 2068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3068 wrote to memory of 2068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3068 wrote to memory of 2068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3068 wrote to memory of 2068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f44099f229bf55c5557331cf4af49f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3068 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.furnituredepot.com | udp |
| US | 8.8.8.8:53 | img-0.fruugo.com | udp |
| US | 8.8.8.8:53 | img-0.fruugo.com | udp |
| US | 8.8.8.8:53 | www.furnituredepot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | pimg.tradeindia.com | udp |
| US | 8.8.8.8:53 | loftbed.net | udp |
| US | 8.8.8.8:53 | www.agethahomedesign.com | udp |
| US | 8.8.8.8:53 | www.stoneshomefurnishings.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | homeinteriordesignthemes.com | udp |
| US | 8.8.8.8:53 | www.buyfurnitureyoulove.org | udp |
| US | 8.8.8.8:53 | image.shutterstock.com | udp |
| US | 8.8.8.8:53 | www.homeofficeamerica.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.infolinks.com | udp |
| US | 8.8.8.8:53 | image.shutterstock.com | udp |
| US | 8.8.8.8:53 | resources.infolinks.com | udp |
| US | 8.8.8.8:53 | www.homeofficeamerica.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.buyfurnitureyoulove.org | udp |
| US | 8.8.8.8:53 | www.agethahomedesign.com | udp |
| US | 8.8.8.8:53 | pimg.tradeindia.com | udp |
| US | 8.8.8.8:53 | www.stoneshomefurnishings.com | udp |
| US | 8.8.8.8:53 | homeinteriordesignthemes.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | loftbed.net | udp |
| US | 8.8.8.8:53 | mizonpost.co.cc | udp |
| US | 8.8.8.8:53 | mizonpost.co.cc | udp |