Analysis Overview
SHA256: 956bc65ca5fa5c7320c38214803ba5ba16e606a69e07366a1d7af8de2316c83f
Threat Level: Likely benign
The file c07376b197725e19443111e42e8bc266_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-25 09:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-25 09:34
Reported: 2024-08-25 09:37
Platform: win7-20240705-en
Max time kernel: 67s
Max time network: 127s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000ba370eb9325779a07ed19ef79eacc08bf42bda448a395f13145c7955843efc90000000000e80000000020000200000002c6d91553a65e5c472d4da688a8be7c61c825635a8656261d61b7be29101190120000000141141843b89b2cc5b8619ed773dc0e2c7bf800347b3e02a9ad70f355005cda140000000ed4cddc981288c68758667e9ad186dc20d327366147228d65b0f147add87c2396123d9fd3abbef5d715eb434224d3f8c98a2888a0aff00aafbe28227fee15beb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not preserved in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430740360" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7071c01cd2f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{47BB7691-62C5-11EF-9874-7AEB201C29E3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2228 wrote to memory of 2032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2228 wrote to memory of 2032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2228 wrote to memory of 2032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2228 wrote to memory of 2032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c07376b197725e19443111e42e8bc266_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | counters.gigya.com | udp |
| US | 8.8.8.8:53 | analytics.hosting24.com | udp |
| US | 8.8.8.8:53 | fc01.deviantart.net | udp |
| US | 44.240.29.30:80 | fc01.deviantart.net | tcp |
| US | 44.240.29.30:80 | fc01.deviantart.net | tcp |
| US | 8.8.8.8:53 | orig01.deviantart.net | udp |
| US | 35.164.23.224:80 | orig01.deviantart.net | tcp |
| US | 35.164.23.224:80 | orig01.deviantart.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-08-25 09:34
Reported: 2024-08-25 09:37
Platform: win10v2004-20240802-en
Max time kernel: 145s
Max time network: 130s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c07376b197725e19443111e42e8bc266_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb974046f8,0x7ffb97404708,0x7ffb97404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,10752895033847837049,7130556641559959850,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,10752895033847837049,7130556641559959850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,10752895033847837049,7130556641559959850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,10752895033847837049,7130556641559959850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,10752895033847837049,7130556641559959850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,10752895033847837049,7130556641559959850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,10752895033847837049,7130556641559959850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,10752895033847837049,7130556641559959850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,10752895033847837049,7130556641559959850,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,10752895033847837049,7130556641559959850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,10752895033847837049,7130556641559959850,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,10752895033847837049,7130556641559959850,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | counters.gigya.com | udp |
| US | 8.8.8.8:53 | analytics.hosting24.com | udp |
| US | 8.8.8.8:53 | fc01.deviantart.net | udp |
| US | 54.191.56.108:80 | fc01.deviantart.net | tcp |
| US | 8.8.8.8:53 | orig01.deviantart.net | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.56.191.54.in-addr.arpa | udp |
| US | 35.80.167.12:80 | orig01.deviantart.net | tcp |
| US | 8.8.8.8:53 | 12.167.80.35.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files