Analysis Overview
SHA256
e8fc5cbf369bd32708c65d28b959d6240c3ae6f2ed264ea5fdc2e703fb2a1c5c
Threat Level: Likely benign
The file c02fd14fb9ddf559ddd0e3724ca8a59f_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 06:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 06:55
Reported
2024-08-25 06:57
Platform
win7-20240708-en
Max time kernel
142s
Max time network
144s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FDCD6A41-62AE-11EF-B557-C20DC8CB8E9E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000a7841fdfcc93fc6907d290cbe76aaf8879a0413534e4653e242eef656adc8e14000000000e800000000200002000000045604a8e5a33bb2e1661063e4eee4101cb3ef53b849368d4e6c42d35a0834d17200000006e48eb95c182f9c8dd3ef1e6d72c77c5d9f32a093df6a3e9b1c89fcb921a500940000000170ba33b7ca9b7f28c7622c48254d991c6e14dc676f72499a42e1d48d093dca1bdad79845706e6bf3c8d97dd09bd77fb0be42a228148583981f8eee487b8e158 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430730787" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 201b8bd2bbf6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [data value elided] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3044 wrote to memory of 2792 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3044 wrote to memory of 2792 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3044 wrote to memory of 2792 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3044 wrote to memory of 2792 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c02fd14fb9ddf559ddd0e3724ca8a59f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| JP | 119.245.186.179:80 | 119.245.186.179 | tcp |
| JP | 119.245.186.179:80 | 119.245.186.179 | tcp |
| JP | 119.245.186.179:80 | 119.245.186.179 | tcp |
| US | 8.8.8.8:53 | ausrxvia1epmd.ce.ms | udp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4C8D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59aeec7fb33ca27979557a7628e4e537 |
| SHA1 | 506376b691cf7d67b099b1a1103133d13f95f6cf |
| SHA256 | ec3b43e4e9ce350c5306e439f576d5603a7539741ba74352a89a8a021c0712d2 |
| SHA512 | 88ab43988f59095d5f46f8c588d9f21f07ce830414eddb559953947c03c7d22f56c8b8348044caff0b5f0ef800cfc2f925baea8966e94a26d86455c6bbf40d26 |
C:\Users\Admin\AppData\Local\Temp\Tar4D4C.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71c98958afec561c808cf2683bb095be |
| SHA1 | 7ee1bf049ae644232a4c4dc7cacad6ac4cf1807c |
| SHA256 | 40595d2dfdd1c1dd80b876ec0ffcdd2bd196f0591a091ea7060ee3ef671d8ece |
| SHA512 | 54dc578b1a7bdd9f32e4b45c350a17a8587c38fe6403ed0e8af82c7f377ec709f664cb289b2038a112b203db29886347da02ef4a8ac64aa5a7e417053e5e953d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7965c6f26fd96907a47ce129bdd97819 |
| SHA1 | 7a71b70b35e6bfc23019dce3336ca2ffdffece31 |
| SHA256 | a448f90468dc7ef30fb6bff8a2163cab05c07de24563c8f07f3d4a826151ec69 |
| SHA512 | ffd18fb5d927aa34ddc1504c031dbc9ebaefaabdf9f46605b94778fdfe712d37396c7b7f14b274f3dbf74ee396841576f69eb6566fd69f8c0d61ac8769317f9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36a3a8bfed1bcbf4ab9c8877549c4ef5 |
| SHA1 | e08d1a08a1999f030ba373525051c83f4448ed41 |
| SHA256 | 1018471b6c4a31591eb7ae624cb0d5a2c39f7e098bc6d1e88a2ac189af08f796 |
| SHA512 | 547957825038631fa551645ec1bb17199ad58b7a93afefef0aab586730f3b545b3271df3929cd7f491887f0b3ff70cdc93449cfa7b7496189a611778eaef914e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45f6c10c068eeedaba7a1ec56807bccb |
| SHA1 | c3244d632e248945126d1580e011e2ae0a929c4a |
| SHA256 | 2a5dfab44d8ee011ffe1c5e4dcf39381c40ce39e34a9532ec2fd84fb0e61bb6f |
| SHA512 | 6d3f127c44825782720b23d408fe0e782ceab2f9e0ba00c6a4c6210b81e9438217560b55873715a168933c5b2e6019460d7b429b6d378eae0b423b7b67fe9e08 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23f3aba62cd5d5831aaff969f842a706 |
| SHA1 | 73a4af7a39dd19c9a36267a9526a70e285d2fe93 |
| SHA256 | 9802478f6a280173c365da61296d20bcc3795775e3dd312535f9ac7d54daffab |
| SHA512 | 7f24288c493b4ef3c64ab15302b4c8597c2e0c224eaf75fd357421d7288864ba7f5347e066765c06e5cf708a0ce4e5bf2840c2159c64cbf903ffd5581b7b7647 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3299b7b286f5f34097c9ef38ae1daad3 |
| SHA1 | 53f1684895c42e6861f04b4183db1521cc0ce871 |
| SHA256 | 51125d2aa975140196e4650534b2681018ad9ccad50379377c964d85aa99bdb8 |
| SHA512 | 5fdd98948b85002948f9ae87852cdc049677f79be2f8647b8b2ba48577d2fb209b900c737201b27965a919458e6daffa22450007ab9961603ebb146ff1a36ce7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbad89e4bae760573fee5e56386db7ad |
| SHA1 | 6fbd487d185b8c3cd9a5a909224be8c8b59d5061 |
| SHA256 | 6fcbeac9df81ba151b51728cffa43b9fe573fb59db4876378949e545cdba564d |
| SHA512 | 8a4af2c2ec26900e96d496b5138fa2a66a09d4b5a6564969a61eab672c738bd221556186013f2b24fd1cac5d718b3a7953c3bf6742465fe4a1d6234d4d3e26e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e254e708c6e263f71b9d555af6adcd3 |
| SHA1 | 281b3e64ed9c34cf596cdef277cced85baf925eb |
| SHA256 | 52a199fdb6f1094f782a55f60433fdda27d174e986a2a13389b4b2b4b002a265 |
| SHA512 | 039f5c78a8360c6c39fdf41ba9846f721368d88e2eebb4264bb14d683c879b357ee4fd12b323ca6fe69ce871d9237d340d7de5bf40fcc278a0fb261d819ff28a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a86cfc6b9ee08ca6d8b90126abc54e5 |
| SHA1 | f5e7a597126a0aac46fd499e72f4d95ff6ccefdb |
| SHA256 | bd1104c5d3d067574be2dc1ea4307a9c121d5c3fe332db8ac7ded111d91dfe82 |
| SHA512 | a24ac12cfe8e3734f962be0fa9391634ad9127977bb952badde4ad20bcd6abd1748288f1caddfee9a6673935c6456fb5b3fc33cb4408e5bdae45d0cc18f639bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43d03f9e1cb18a87915d2be84ef28a39 |
| SHA1 | c8d949aa67e38048b568750fd12e1c39f22854e2 |
| SHA256 | ae1d09a784c3ca142a504a2926c052a0cbc3f56a8578072cd726357cd7ba3ea8 |
| SHA512 | 39bcf0f9e28f9e8b5f83ae32af368d32ac4a9e2e48a4181515df690ab76f478b6019472639b52bc9cf3d9e50daedffaec8436e37d679c9eca73250f9f547ffe6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 602c30152ee4a1c57f347a78391067e8 |
| SHA1 | f8a7cf4fcd85358cb07ced1e9ff33419b6512276 |
| SHA256 | e44bdc389ed9981ecd85aca1205c6e9b65b2316427717a2424df8c216bc0a500 |
| SHA512 | a0e1a41679504836b0fb38709ad95f2adb8677a370fd495126b7390c330515447fb3f810d197d851af6be707d8ecd90dc728055263c2af7da869adb7bc614fb3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b21cfdc2bd37e1ae1853d0efc75b013a |
| SHA1 | 2010e7f9192e84909877a8dd9404e1a03a31b0ac |
| SHA256 | cc8557f58220304c49fc722c00909b2e6c512a82a02b9cd20802d9ca3faf74cc |
| SHA512 | 7aea9349ac2ffcc3475ae0ec7e5bbc734adc1529eec92e104bca516cc973af6f7c950992123d6cfa26e3642982fd8d5d9191c3eb30265c5b39af79dafa98c56e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6800cd00f78dbe9fc895327d884a01b0 |
| SHA1 | 4bf010ea3c99aef20eb71966f257615e44040c0f |
| SHA256 | 63a7f12b6a293708efbf0f141b8a23ce9d0a66999168db776e992770ddb66416 |
| SHA512 | 32f92abd644297075f3fc3a6052ba4326c0bf4abbba9435ed8daf71174e340be6ef04e9c5e316804e69152231b0fc9ae8f5ec1ae3e10e9844a222a3b609f2610 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e8322bb760784e76693126a49704e5a |
| SHA1 | 38f0533808c0bfe4bd9b7df94fec61f1a007d3dd |
| SHA256 | 4186335595b33ef84cfda6d504d3b20fecd87be9c553a86cc9f1ea02d56e71b2 |
| SHA512 | b2c522c49e002f761f4c1f61bfb6357be696bab6c220c4317c2e12e36e94165c130f9bd5a6611a8642b0d1278d3ff03c077a56bb60766a13927bd08ed7fa135b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d99a3c7a8d6c95f30fbb39f05f977acf |
| SHA1 | 22d80631413ad0214b01b3427cd06a18ca6b14d5 |
| SHA256 | 896124ec980f2cadfc8186a9ee11ef3d68103e3d1674c3ac68fc16cf0e288bd3 |
| SHA512 | 6c41e18ac0ecc9a9baba1c4586ccca9d185507a5e9c613ddd2a9313cd49a0da9a4ec62a4ab5ca97ad50efb8c62d512e11544613fc1ed679407ae9bf3c26be602 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a85c71a6c3c048e5cd5879a6eb0de40a |
| SHA1 | 6704dbb66d53a30fdc159722c6d8d5808735d47d |
| SHA256 | 69ec3d0d3eaa425602c765f3b637c1ba8f70d3c2658d54a305dba87cd9f64db4 |
| SHA512 | fd709d0739caa18674e692850bb59cc94fcefd96f18ce7f987fbdad1c68bd8de6aeb795263c2cfade3ab3add88436818890ef4b006352683d33838cc84601738 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45cb72392e6d8c4bd6d8cc2d1e6006cf |
| SHA1 | ab6b569cc804e81e886fafd39eb3b6d3dd942ca8 |
| SHA256 | 343ad04ed25c169eb1331578337b1a9be508616e87028c813e2ae6e7d8ae4698 |
| SHA512 | e9e0eea721e8c8cf31425aaa7b1065233f17cf8c4b44eca472580ff140d6def0c60e286226c3815720423a54e0e42a728d125870a5c23f8267133d0498f2d802 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ad1e3217a3a36bff3b9ee7abb4410d3 |
| SHA1 | 3157955d6db831ead85c5742fe958ec01c7fbc15 |
| SHA256 | 1cbe187ff4496885786166ce3c27bd56b0042e9b5521e3de9c58ccb16df4e919 |
| SHA512 | a6894a7feec0395cbe4530d3175174ee39d6883caad3b984b88017bb2866949f073c9cdd9ebc90a77679939f8478afb128682a7eb1f4084521d5e9fd38ef9f50 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 06:55
Reported
2024-08-25 06:57
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c02fd14fb9ddf559ddd0e3724ca8a59f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcff3546f8,0x7ffcff354708,0x7ffcff354718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,58046228994346022,4675596434059509534,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,58046228994346022,4675596434059509534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,58046228994346022,4675596434059509534,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,58046228994346022,4675596434059509534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,58046228994346022,4675596434059509534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,58046228994346022,4675596434059509534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,58046228994346022,4675596434059509534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,58046228994346022,4675596434059509534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,58046228994346022,4675596434059509534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,58046228994346022,4675596434059509534,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,58046228994346022,4675596434059509534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,58046228994346022,4675596434059509534,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,58046228994346022,4675596434059509534,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| JP | 119.245.186.179:80 | 119.245.186.179 | tcp |
| JP | 119.245.186.179:80 | 119.245.186.179 | tcp |
| US | 8.8.8.8:53 | ausrxvia1epmd.ce.ms | udp |
| JP | 119.245.186.179:80 | 119.245.186.179 | tcp |
| US | 216.239.32.178:80 | www.google-analytics.com | tcp |
| JP | 119.245.186.179:80 | | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.186.245.119.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 27304926d60324abe74d7a4b571c35ea |
| SHA1 | 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1 |
| SHA256 | 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de |
| SHA512 | f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd |
\??\pipe\LOCAL\crashpad_4024_PXOKBCLSLTWYMBVY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9e3fc58a8fb86c93d19e1500b873ef6f |
| SHA1 | c6aae5f4e26f5570db5e14bba8d5061867a33b56 |
| SHA256 | 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4 |
| SHA512 | e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 45de1993585562ef8e0a95bee6c37772 |
| SHA1 | 3f8f642f7c81a8463daa07fed909e3d46654092f |
| SHA256 | a3d439273c8f1c7f2ffa8d08bfddd4aca622e3cea95efc9e65a89ccf91511557 |
| SHA512 | 385b2a630704667023fa52e7dc255829c55606e1b027a742d5823b2b3b6ee61337fd398a1e475bb08c539ae854b17bf269ae650f45654fff6c80ee0abc782274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f0c7d7070d75a5accf1626246c277fc3 |
| SHA1 | d0f11253895b003634aaa2926b5c9ec5f229ee43 |
| SHA256 | d0fed95460a1aefcf00d4f9e629897dcaacefafe6a73983a0038d98dfc486413 |
| SHA512 | 6d2870b8f5d92a85d5cdc7f3fa1e42220bae97b88220ad6352816c191f6478344a0c3a7c8bad251d12e27411a0d85a09ed60ad92bd38a557b2f03e1e1d631691 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b5f7f4f79fdebe36a0acdd6f7569ba31 |
| SHA1 | 71cad026988b49fbb89df981cda86a8644564508 |
| SHA256 | 4aea9a0fcad39484441feb39f21482eb5fc1c39ec8f376a1ee00755630e1063f |
| SHA512 | 8ecccedd31bd6dc42082df7b7b53894103a73bb5a2ad842fcb95ce6a49c5ba1723e37201d7d75166a0d4aa58eacebcafb5dfbc552e05a680d1db172ae7ffa1c5 |