Analysis
max time kernel: 135s
max time network: 128s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29/03/2024, 18:22
Static task: static1
Behavioral task: behavioral1
  Sample: 2967cd6153fe527a8df5eec4e879dd6c_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2967cd6153fe527a8df5eec4e879dd6c_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
Target: 2967cd6153fe527a8df5eec4e879dd6c_JaffaCakes118.html
Size: 574KB
MD5: 2967cd6153fe527a8df5eec4e879dd6c
SHA1: cdae31662b54449464d2382d0e1cff8ed6c55cee
SHA256: d7423e7e6c18b04b5c55cb0a5302b854e41b5d874bd46cdc605d255885c50b6c
SHA512: 3454fea0d60a53be0eab87871f8bce4b771d787097aa0789519fbd6b6b01e0225be180bc3f7a695355d6a69fc0d6dac0ca531f838e6cd9521b894076cb198910
SSDEEP: 6144:SgHsMYod+X3oI+Y2sMYod+X3oI+YDsMYod+X3oI+YZsMYod+X3oI+YEsMYod+X3+:Vr5d+X3a5d+X3d5d+X3D5d+X3Y5d+X3+
Malware Config
Signatures
Executes dropped EXE (6 IoCs)
pid   Process
2676  svchost.exe
2568  DesktopLayer.exe
2660  svchost.exe
2004  svchost.exe
2188  svchost.exe
2480  svchost.exe
Loads dropped DLL (6 IoCs)
pid   Process
2620  IEXPLORE.EXE
2676  svchost.exe
2620  IEXPLORE.EXE
2620  IEXPLORE.EXE
2620  IEXPLORE.EXE
2620  IEXPLORE.EXE
YARA rule matches (8 IoCs)
resource                                                                      yara_rule
behavioral1/files/0x0008000000015d56-2.dat                                    upx
behavioral1/memory/2568-20-0x0000000000400000-0x000000000042E000-memory.dmp   upx
behavioral1/memory/2480-35-0x0000000000400000-0x000000000042E000-memory.dmp   upx
behavioral1/memory/2480-36-0x00000000003B0000-0x00000000003BF000-memory.dmp   upx
behavioral1/memory/2660-23-0x0000000000400000-0x000000000042E000-memory.dmp   upx
behavioral1/memory/2660-22-0x0000000000400000-0x000000000042E000-memory.dmp   upx
behavioral1/memory/2188-29-0x0000000000230000-0x000000000023F000-memory.dmp   upx
behavioral1/memory/2676-7-0x0000000000400000-0x000000000042E000-memory.dmp    upx
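The `upx` rule fires both on the dropped .dat file and on the 0x400000-0x42E000 image region of the svchost.exe and DesktopLayer.exe processes; the mapped image keeps its PE headers, so a rule keyed on header or section-table features hits a memory dump as readily as the file on disk. As an added example that is not part of this report or the sandbox's own rules, the Python below does the same kind of check by hand: it walks the PE section table and looks for UPX-named sections and the `UPX!` marker the packer writes. `build_pe` constructs a minimal synthetic PE header for testing; it is not the sample from the report, and the marker and section names it checks are cheap for an attacker to rename, so a miss is not proof of an unpacked binary.

```python
import struct

def build_pe(section_names, opt_header_size=224):
    """Construct a minimal, non-executable PE header (DOS stub, COFF header,
    optional header, section table).  Constructed test data only."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (EXECUTABLE|32BIT)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       opt_header_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_header_size - 2)  # PE32 magic
    # Each IMAGE_SECTION_HEADER is 40 bytes: 8-byte name then 32 bytes of sizes/flags.
    sections = b"".join(name.encode("ascii").ljust(8, b"\0") + b"\0" * 32
                        for name in section_names)
    return dos + b"PE\0\0" + coff + opt + sections

def pe_section_names(data):
    """Walk MZ -> e_lfanew -> PE\\0\\0 -> COFF -> section table, return names in order."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, e_lfanew + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)   # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                            # 4 sig + 20 COFF + opt
    names = []
    for i in range(nsec):
        raw = data[table + 40 * i: table + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

UPX_MAGIC = b"UPX!"

def upx_indicators(data):
    """Evidence of UPX packing: UPX-named sections and the 'UPX!' marker."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_magic": UPX_MAGIC in data,
    }

def looks_upx_packed(data):
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:  # no file given: run against the constructed header
        data = build_pe(["UPX0", "UPX1", ".rsrc"]) + UPX_MAGIC
    print(pe_section_names(data), upx_indicators(data))
```

Run it with a path to a dumped file to see the section names and the two indicators; a real UPX-packed binary normally shows `UPX0`/`UPX1` and the marker, and `upx -d` will restore it if the stub is intact.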
Drops file in Program Files directory (11 IoCs)
description                    ioc                                                  Process
File created                   C:\Program Files (x86)\Microsoft\DesktopLayer.exe    svchost.exe
File created                   C:\Program Files (x86)\Microsoft\DesktopLayer.exe    svchost.exe
File opened for modification   C:\Program Files (x86)\Microsoft\DesktopLayer.exe    svchost.exe
File opened for modification   C:\Program Files (x86)\Microsoft\px17B5.tmp          svchost.exe
File opened for modification   C:\Program Files (x86)\Microsoft\px1813.tmp          svchost.exe
File created                   C:\Program Files (x86)\Microsoft\DesktopLayer.exe    svchost.exe
File opened for modification   C:\Program Files (x86)\Microsoft\px1822.tmp          svchost.exe
File created                   C:\Program Files (x86)\Microsoft\DesktopLayer.exe    svchost.exe
File opened for modification   C:\Program Files (x86)\Microsoft\px189F.tmp          svchost.exe
File opened for modification   C:\Program Files (x86)\Microsoft\px1767.tmp          svchost.exe
File created                   C:\Program Files (x86)\Microsoft\DesktopLayer.exe    svchost.exe
Modifies Internet Explorer settings (45 IoCs)
All keys below are under \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer.
description        ioc                                                                   Process
Set value (int)    Recovery\PendingRecovery\AdminActive = "0"                            iexplore.exe
Set value (str)    Main\WindowsSearch\Version = "WS not running"                         IEXPLORE.EXE
Set value (data)   Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff6f00000019000000f50400007e020000   iexplore.exe
Key created        TabbedBrowsing                                                        iexplore.exe
Key created        InternetRegistry                                                      iexplore.exe
Key created        PageSetup                                                             iexplore.exe
Key created        Toolbar\WebBrowser                                                    iexplore.exe
Key created        Recovery\PendingRecovery                                              iexplore.exe
Key created        Main                                                                  IEXPLORE.EXE
Key created        Main                                                                  IEXPLORE.EXE
Set value (data)   TabbedBrowsing\NewTabPage\LastProcessed = 10db89120682da01           iexplore.exe
Key created        IntelliForms                                                          iexplore.exe
Key created        LowRegistry\DOMStorage                                                iexplore.exe
Key created        Toolbar                                                               iexplore.exe
Key created        LowRegistry\DontShowMeThisDialogAgain                                 iexplore.exe
Key created        TabbedBrowsing\NewTabPage                                             iexplore.exe
Set value (int)    TabbedBrowsing\NTPFirstRun = "1"                                      iexplore.exe
Set value (data)   TabbedBrowsing\NewTabPage\MFV = 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   iexplore.exe
Key created        BrowserEmulation\LowMic                                               iexplore.exe
Key created        LowRegistry                                                           iexplore.exe
Set value (data)   Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000   iexplore.exe
Key created        Main                                                                  IEXPLORE.EXE
Key created        Main                                                                  IEXPLORE.EXE
Set value (data)   Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000   iexplore.exe
Set value (int)    DomainSuggestion\NextUpdateDate = "417898392"                         iexplore.exe
Key created        Main\WindowsSearch                                                    iexplore.exe
Set value (str)    Main\WindowsSearch\Version = "WS not running"                         iexplore.exe
Key created        Main\WindowsSearch                                                    IEXPLORE.EXE
Key created        SearchScopes                                                          iexplore.exe
Key created        DomainSuggestion                                                      iexplore.exe
Key created        Zoom                                                                  iexplore.exe
Key created        Main                                                                  IEXPLORE.EXE
Set value (data)   Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff00000000000000008604000065020000   iexplore.exe
Set value (str)    Main\FullScreen = "no"                                                iexplore.exe
Key created        Main                                                                  iexplore.exe
Key created        GPU                                                                   iexplore.exe
Set value (int)    Recovery\AdminActive\{3DB6FC51-EDF9-11EE-9C17-5E73522EB9B5} = "0"    iexplore.exe
Key created        Main                                                                  IEXPLORE.EXE
Set value (int)    Recovery\PendingRecovery\AdminActive = "1"                            iexplore.exe
Set value (data)   Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000   iexplore.exe
Set value (int)    SearchScopes\DownloadRetries = "3"                                    iexplore.exe
Set value (data)   TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000d8631ee1df05d2eb3ea2e1891010deeaddaca2f022199e7f4bd24d208e428a85000000000e8000000002000020000000841a843d5a89166829da8a6e68c694dc9a0327ed1075ac47b92ef032483421f620000000b5a8f2c2fb7962d19ce55a6b098073038fa664b91c3c9981b54599ed8b014214400000009b467f76978cf7bb8ad06d6bed13a46c8e3aa42951f16d10738db055dda998a92127b1cc95bb8ab382e9a2fcc1b42602a560a160cd7168ee64450df3f385d834   iexplore.exe
Key created        IETld\LowMic                                                          iexplore.exe
Set value (int)    Main\CompatibilityFlags = "0"                                         iexplore.exe
Key created        Recovery\AdminActive                                                  iexplore.exe
Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid   Process           occurrences
2568  DesktopLayer.exe  4
2660  svchost.exe       4
2004  svchost.exe       4
2188  svchost.exe       4
2480  svchost.exe       4
Suspicious use of FindShellTrayWindow (6 IoCs)
pid   Process       occurrences
1808  iexplore.exe  6
Suspicious use of SetWindowsHookEx (26 IoCs)
pid   Process       occurrences
1808  iexplore.exe  12
2620  IEXPLORE.EXE  2
1540  IEXPLORE.EXE  2
1632  IEXPLORE.EXE  2
1272  IEXPLORE.EXE  4
2420  IEXPLORE.EXE  2
2716  IEXPLORE.EXE  2
Suspicious use of WriteProcessMemory (64 IoCs; each edge below is reported four times)
pid   Process           wrote to memory of   procid_target
1808  iexplore.exe      2620                 28
2620  IEXPLORE.EXE      2676                 29
2676  svchost.exe       2568                 30
2620  IEXPLORE.EXE      2660                 31
2568  DesktopLayer.exe  2724                 32
2620  IEXPLORE.EXE      2004                 34
2660  svchost.exe       2616                 33
2620  IEXPLORE.EXE      2188                 35
2188  svchost.exe       2184                 36
2620  IEXPLORE.EXE      2480                 37
2004  svchost.exe       2500                 38
2480  svchost.exe       2608                 39
1808  iexplore.exe      1632                 40
1808  iexplore.exe      1272                 41
1808  iexplore.exe      2420                 42
1808  iexplore.exe      1540                 43
Processes (indentation shows parent/child depth)
PID 1808  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2967cd6153fe527a8df5eec4e879dd6c_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID 2620  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:275457 /prefetch:2
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID 2676  "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
      - Executes dropped EXE
      - Loads dropped DLL
      - Drops file in Program Files directory
      - Suspicious use of WriteProcessMemory
      PID 2568  "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        - Executes dropped EXE
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of WriteProcessMemory
        PID 2724  "C:\Program Files\Internet Explorer\iexplore.exe"
    PID 2660  "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
      - Executes dropped EXE
      - Drops file in Program Files directory
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory
      PID 2616  "C:\Program Files\Internet Explorer\iexplore.exe"
    PID 2004  "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
      - Executes dropped EXE
      - Drops file in Program Files directory
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory
      PID 2500  "C:\Program Files\Internet Explorer\iexplore.exe"
    PID 2188  "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
      - Executes dropped EXE
      - Drops file in Program Files directory
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory
      PID 2184  "C:\Program Files\Internet Explorer\iexplore.exe"
    PID 2480  "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
      - Executes dropped EXE
      - Drops file in Program Files directory
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory
      PID 2608  "C:\Program Files\Internet Explorer\iexplore.exe"
  PID 1632  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:668678 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
  PID 1272  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:930819 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
  PID 2420  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:1324035 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
  PID 1540  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:799749 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
  PID 2716  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:1455107 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
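The WriteProcessMemory entries and the process tree describe the same lineage: the 32-bit IE content process (2620) launches svchost.exe from the user's Temp directory five times, the first copy starts DesktopLayer.exe from Program Files (x86)\Microsoft, and each dropped binary then writes into a fresh iexplore.exe of its own. The two things a practitioner wants from that data are the chain itself and the masquerading check (a file named svchost.exe that does not live in System32 or SysWOW64). As an added example that is not part of this report or its tooling, the Python below parses the WriteProcessMemory rows (one copy of each edge, the report repeats each four times; the regex also accepts the report's run-on form), rebuilds the tree, and applies that check plus a second one, a browser handing execution to a binary under C:\Users. The PID-to-image map is copied from the Processes section; anything not listed there is left as "?".

```python
import re
from collections import defaultdict

# Constructed input: the report's WriteProcessMemory entries, one copy per edge.
WPM_ENTRIES = """
PID 1808 wrote to memory of 2620 1808 iexplore.exe 28
PID 2620 wrote to memory of 2676 2620 IEXPLORE.EXE 29
PID 2676 wrote to memory of 2568 2676 svchost.exe 30
PID 2620 wrote to memory of 2660 2620 IEXPLORE.EXE 31
PID 2568 wrote to memory of 2724 2568 DesktopLayer.exe 32
PID 2620 wrote to memory of 2004 2620 IEXPLORE.EXE 34
PID 2660 wrote to memory of 2616 2660 svchost.exe 33
PID 2620 wrote to memory of 2188 2620 IEXPLORE.EXE 35
PID 2188 wrote to memory of 2184 2188 svchost.exe 36
PID 2620 wrote to memory of 2480 2620 IEXPLORE.EXE 37
PID 2004 wrote to memory of 2500 2004 svchost.exe 38
PID 2480 wrote to memory of 2608 2480 svchost.exe 39
PID 1808 wrote to memory of 1632 1808 iexplore.exe 40
PID 1808 wrote to memory of 1272 1808 iexplore.exe 41
PID 1808 wrote to memory of 2420 1808 iexplore.exe 42
PID 1808 wrote to memory of 1540 1808 iexplore.exe 43
"""

# PID -> image path, copied from the Processes section of the report.
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
TEMP_SVCHOST = r"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
IMAGE = {
    1808: IE64, 2620: IE32,
    2676: TEMP_SVCHOST, 2660: TEMP_SVCHOST, 2004: TEMP_SVCHOST,
    2188: TEMP_SVCHOST, 2480: TEMP_SVCHOST,
    2568: r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
    2724: IE64, 2616: IE64, 2500: IE64, 2184: IE64, 2608: IE64,
    1632: IE32, 1272: IE32, 2420: IE32, 1540: IE32,
}

# "PID <parent> wrote to memory of <child> <parent> <parent image> <procid_target>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 \S+ \d+")

def parse_wpm(text):
    """Distinct (parent_pid, child_pid) edges; the report's repeats collapse."""
    return {(int(m.group(1)), int(m.group(2))) for m in WPM_RE.finditer(text)}

def parent_map(edges):
    return {child: parent for parent, child in edges}

def lineage(pid, parents):
    """Root-first chain of PIDs leading to pid."""
    chain = [pid]
    while chain[-1] in parents:
        chain.append(parents[chain[-1]])
    return chain[::-1]

def render_tree(edges, images, root):
    """Indented tree, one line per process, children in PID order."""
    children = defaultdict(list)
    for parent, child in edges:
        children[parent].append(child)
    lines = []
    def walk(pid, depth):
        lines.append("  " * depth + f"{pid} {images.get(pid, '?')}")
        for child in sorted(children[pid]):
            walk(child, depth + 1)
    walk(root, 0)
    return lines

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

def masquerading_svchost(images):
    """PIDs whose image is named svchost.exe but lives outside the system directories."""
    return sorted(pid for pid, path in images.items()
                  if path.lower().endswith("\\svchost.exe")
                  and not path.lower().startswith(SYSTEM_DIRS))

def browser_spawned_user_binaries(edges, images):
    """(browser_pid, child_pid) where a browser wrote into a process whose image
    sits under C:\\Users, i.e. something the page dropped rather than a new tab."""
    browsers = {pid for pid, path in images.items() if path.lower().endswith("iexplore.exe")}
    return sorted((p, c) for p, c in edges
                  if p in browsers and images.get(c, "").lower().startswith("c:\\users\\"))

if __name__ == "__main__":
    edges = parse_wpm(WPM_ENTRIES)
    print("\n".join(render_tree(edges, IMAGE, 1808)))
    print("svchost.exe outside System32/SysWOW64:", masquerading_svchost(IMAGE))
    print("browser -> binary under C:\\Users:", browser_spawned_user_binaries(edges, IMAGE))
```

Both checks flag the same five PIDs here (2676, 2660, 2004, 2188, 2480); on a host they would be the Sysmon or EDR query to write, parent image a browser and child image under the user profile, or image name svchost.exe with a non-system path.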
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize 68KB
  MD5 29f65ba8e88c063813cc50a4ea544e93
  SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
  SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
  SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 344B
  MD5 9881175819de9ef16df12b32b82f10df
  SHA1 e188fcac1951626529f8484119e4ff7318ea99a9
  SHA256 bcaa0ec9e1cfd246b22246b667fcdfa4af0c4103ead8f650680da1aacb318ef0
  SHA512 7a9844c237414bcaf90877b2063778712a29fe127a989ec0193ead6fe05f371c0c5727417780a27eec90a025386c90f78a0e67f548e182c929b71e20f0a6b44a
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 344B
  MD5 253e13629c7b1bcfb679eac17ef4ffd9
  SHA1 352cbf7191ea257a5657959ffa920fa9b82f0ed7
  SHA256 b8946e59cdea64fad7e72c80ebf12d5e2df6284db045dfa6f7f6c8a158b1d1b8
  SHA512 efbe5366e790c73a96f8682d9898de22ee189bab0ae3e946c21115548b1c081aa9718b029531b752eaa9cdfc0638bd3d46871cc277bd5644fc4b818087d63568
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 344B
  MD5 88d42af9e9b7e9d82c34f71cd0b8caef
  SHA1 9c5fdd5a016dced696e6995887caabbdf94ec1ba
  SHA256 607783be2fca49c8c47e38bf5e20cd165894b592181680881f9f89a6aabad36c
  SHA512 f83633a04e4d630ebe41cb86c18aea65c470a010c1a8ec2a0d3b9af4abda57a7ab6b0ac2339ec2e1d8c8b86d6a85471087dac7555155d4625760bba9988a34c5
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 344B
  MD5 e0fc1e71b5a53d8d7df0977380b08db0
  SHA1 5a10379efda2320458d50f8b08ba6f624e231f46
  SHA256 5672062d49e2b6cb0b7509f476feef5b1e7f79a5c0d431b810a4980472c6dea5
  SHA512 6fd499f96e55cb4581422d9d435a20f0694b0a44077ed31dc38f819074dbd63e0f808d2122e59b34bf62355274c6cb6f1e879f6d1f45b53d0307b0f5432d5eab
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 344B
  MD5 bf39771ecf8b09139b467e5588f1260a
  SHA1 ed37e89893fadd07f5fead5fcb8be8d906ffb4bb
  SHA256 fe03260be36b60724d2ab20707573b9b45ec4467de876d466eb402559f5be048
  SHA512 9026567e310f7c51ef93576e6f16a07c6bdcdc1e6a89ad71b06508fdd1822895946ca30ecd0c921b330971735fc34f9ee8da60d39a48e248f96f819e54da1631
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 344B
  MD5 e790ab4b2344b9ee27af408aa95846df
  SHA1 473f6ebeb65caad820ced4dd1ee32bb0142976b7
  SHA256 230575102e5df07b160a379ccd68732cbc6f58740c1ae4f1adebd2532277827a
  SHA512 a8c8f0f07c8201cbf2065c3b0ed6be67a39ba68691543e6b2b3861b4deeaa54420882534bd3dc630cb445c039aec75b2e006a85a95e741ffb581d67c949ee2ca
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 344B
  MD5 d94895ef4d836907a6b429da22a27588
  SHA1 2a294327e7376614fd5753b7f7a99dc9ef9b755a
  SHA256 dfbe2f87e9463f1f357ae766fc6e265d19d7ab6cd7d0b3d79610faa89b71426a
  SHA512 13c70175cbc07f315e2dc8699c9b36f4abe59f73e7c7110a9ac498215e4c501eda607a9cd6226a2450a9457f79c1d586f0c92853817427e710624af4b137aa19
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 344B
  MD5 5204cf05a078011c061efda791551a49
  SHA1 03df6ee898b4530f8602c11ccb62aaa337352cb0
  SHA256 7a8a276102e5fbf2f3e13e0e219882da67f5a6251539a4ce680fadab7f25a892
  SHA512 b4d222d3e509da057e6d3c384323fcb3aa4e3a0b9d66fd05b3b60f519d87ef6de1194f0dd099e17d2c796c83d8965108c90f676d81ceedc59a0d1133d0834db1
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 344B
  MD5 64cac734ce489aa543a2e0fdb2c97931
  SHA1 b6a45f369f8f4465e8b9b2eb5f3aa40966f4c3ab
  SHA256 a8b196a34b4db7318d597daf7f806b8698b33b569e0ac4ab6299a610c5a81d17
  SHA512 4aeb36e3bf69dca692259b424015b102d38cd1927c7a6e20867b9cbeb6ef45095998b7e352860014e4a4e5f7d1dd5c04f951ff83cc976ac9552798929d2d816a
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 344B
  MD5 c670c4f251360bddce08ebc58e82662d
  SHA1 8aeece7f36a689301a830590a01891f87b955875
  SHA256 07cf90f654cc40c9ff8a0f73910934a00f76103879a409b9d02a37b8a61ba3ee
  SHA512 1dbc1b0e6fdfe7343ec84a9cd120acff39466ecd6844328559e840df4cfa9b710c1791f1269f50ead5380f1aa38a7dbeeee1131250e1a97f239ba9c1998fa7e6
- Filesize 65KB
  MD5 ac05d27423a85adc1622c714f2cb6184
  SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
  SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
  SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
- Filesize 177KB
  MD5 435a9ac180383f9fa094131b173a2f7b
  SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
  SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
  SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
- Filesize 55KB
  MD5 ff5e1f27193ce51eec318714ef038bef
  SHA1 b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
  SHA256 fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
  SHA512 c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
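Between them, the "Drops file in Program Files directory" signature and the Downloads list give the host-side indicators for this sample: a fixed path (C:\Program Files (x86)\Microsoft\DesktopLayer.exe), a family of per-run temp names (px17B5.tmp, px1813.tmp, ...) whose hex suffix will differ on the next run, the Temp\svchost.exe named only in the process tree, and a set of file hashes. As an added example that is not part of this report or its tooling, the Python below turns those into a sweep: it parses the signature's run-on text, collapses the temp names into one wildcard, and matches a host inventory by path and by MD5/SHA1/SHA256. Two things are assumptions: the four unnamed Downloads hashes are treated as the dropped-file hash set (the report does not tie them to paths, and the CryptnetUrlCache entries are omitted as ordinary certificate-revocation cache files), and the inventory bytes are placeholders, not the real files.

```python
import hashlib
import re

# Constructed input: the signature's entries, copied as the report's run-on line.
DROP_ENTRIES = (
    "File created C:\\Program Files (x86)\\Microsoft\\DesktopLayer.exe svchost.exe "
    "File created C:\\Program Files (x86)\\Microsoft\\DesktopLayer.exe svchost.exe "
    "File opened for modification C:\\Program Files (x86)\\Microsoft\\DesktopLayer.exe svchost.exe "
    "File opened for modification C:\\Program Files (x86)\\Microsoft\\px17B5.tmp svchost.exe "
    "File opened for modification C:\\Program Files (x86)\\Microsoft\\px1813.tmp svchost.exe "
    "File created C:\\Program Files (x86)\\Microsoft\\DesktopLayer.exe svchost.exe "
    "File opened for modification C:\\Program Files (x86)\\Microsoft\\px1822.tmp svchost.exe "
    "File created C:\\Program Files (x86)\\Microsoft\\DesktopLayer.exe svchost.exe "
    "File opened for modification C:\\Program Files (x86)\\Microsoft\\px189F.tmp svchost.exe "
    "File opened for modification C:\\Program Files (x86)\\Microsoft\\px1767.tmp svchost.exe "
    "File created C:\\Program Files (x86)\\Microsoft\\DesktopLayer.exe svchost.exe"
)

# Named in the process tree but outside Program Files, so absent from the signature.
EXTRA_PATHS = ["C:\\Users\\Admin\\AppData\\Local\\Temp\\svchost.exe"]

# Assumption: the four unnamed Downloads entries are the dropped files (MD5, SHA256).
KNOWN_HASHES = {
    "29f65ba8e88c063813cc50a4ea544e93",                                   # 68KB
    "1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184",
    "ac05d27423a85adc1622c714f2cb6184",                                   # 65KB
    "c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d",
    "435a9ac180383f9fa094131b173a2f7b",                                   # 177KB
    "67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34",
    "ff5e1f27193ce51eec318714ef038bef",                                   # 55KB
    "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320",
}

# "File <action> <path ending in .exe/.tmp> <process>"; paths may contain spaces.
DROP_RE = re.compile(r"File (created|opened for modification) (C:\\.+?\.(?:exe|tmp)) (\S+)")
TMP_NAME = re.compile(r"px[0-9A-F]{4}\.tmp$", re.I)

def parse_drops(text):
    """Distinct (action, path, process) triples from the signature's run-on text."""
    return sorted({m.groups() for m in DROP_RE.finditer(text)})

def path_pattern(path):
    """Regex for one path; per-run temp names become a single wildcard."""
    folder, name = path.rsplit("\\", 1)
    name_pat = r"px[0-9A-F]{4}\.tmp" if TMP_NAME.match(name) else re.escape(name)
    return re.escape(folder + "\\") + name_pat + "$"

def hunt_patterns(triples, extra_paths=()):
    paths = {path for _, path, _ in triples} | set(extra_paths)
    return sorted({path_pattern(p) for p in paths})

def digests_of(data):
    return {h(data).hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256)}

def sweep(inventory, patterns, known_hashes):
    """inventory: {path: file bytes} collected from a host.  Returns
    (paths matching an IoC pattern, paths whose digest is a known hash)."""
    compiled = [re.compile(p, re.I) for p in patterns]
    path_hits, hash_hits = [], []
    for path, data in inventory.items():
        if any(c.search(path) for c in compiled):
            path_hits.append(path)
        if digests_of(data) & known_hashes:
            hash_hits.append(path)
    return sorted(path_hits), sorted(hash_hits)

# Constructed host inventory; the bytes are placeholders, not the real files.
INVENTORY = {
    "C:\\Program Files (x86)\\Microsoft\\DesktopLayer.exe": b"placeholder 1",
    "C:\\Program Files (x86)\\Microsoft\\px2A40.tmp": b"placeholder temp",
    "C:\\Program Files (x86)\\Microsoft\\readme.txt": b"benign",
    "C:\\Users\\Admin\\AppData\\Local\\Temp\\svchost.exe": b"placeholder 2",
}

if __name__ == "__main__":
    pats = hunt_patterns(parse_drops(DROP_ENTRIES), EXTRA_PATHS)
    print("\n".join(pats))
    print(sweep(INVENTORY, pats, KNOWN_HASHES))
```

On a real host the inventory would come from walking the two directories and reading the candidates; the path match catches a fresh px####.tmp whose suffix the sandbox run never saw, while the hash match catches the same payload written somewhere the signature did not record.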