Analysis Overview
SHA256
fca92bdb2eb0f63cde491a4a86d58bf494cdcedef16add5c5be0ba4a051090da
Threat Level: No (potentially) malicious behavior was detected
The file 742b31ac6a70b934b0582d9b463cfd3e_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 03:16
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 03:16
Reported
2024-05-26 03:19
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\742b31ac6a70b934b0582d9b463cfd3e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbcb3246f8,0x7ffbcb324708,0x7ffbcb324718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,267737295474570341,9840594484801761895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,267737295474570341,9840594484801761895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,267737295474570341,9840594484801761895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,267737295474570341,9840594484801761895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,267737295474570341,9840594484801761895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,267737295474570341,9840594484801761895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,267737295474570341,9840594484801761895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,267737295474570341,9840594484801761895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,267737295474570341,9840594484801761895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,267737295474570341,9840594484801761895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,267737295474570341,9840594484801761895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,267737295474570341,9840594484801761895,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| GB | 104.91.71.139:443 | cdn-adef.akamaized.net | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.71.91.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_932_MSQQHWPCAHURFAAN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 16deac80e5521bfdf775a3f7e68a4dc5 |
| SHA1 | a3808bef45edc470c2a1e787ae8237dc2f6b2f3b |
| SHA256 | 725a600cc92d2cdc72a90a91b067e8546852c0f77d1c78ba2ce2be0d2be6603d |
| SHA512 | 6ab502104b9b6ede51fe369aa06815d4493f31848b8992d85432a38563b8d7432d4aa32fcb1df0c0e228f855958271442396140dfbcb442f3500e38592b46a93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0bf2cef9ac72f419cd2b7e0a571713e4 |
| SHA1 | bf2082dce69929124131c8f3b0a695a77ba62a5d |
| SHA256 | 9f0d5e808f6d5714ee50acd99365888c3d97b21f98818e78a7edc00fe34290cf |
| SHA512 | ecdda89085d12e41ae55abcbefacf0e81637d03acacf1395834c092c6fa08b1dd754ca7565d8b9c5403ebaf7f072f7ffde61d273cfa73c76fac6a08826803482 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1cb2e6d0ba80abceab304df3a524e0a8 |
| SHA1 | be60fbb70801e9984717fad445fe13704f6dcb1d |
| SHA256 | c17d588fcfe64ae4aa18e5b995aa0afc2df2dabd46d5cabf7281e4247e9fe88e |
| SHA512 | 107869ebdeedf39021bb18b1aaeadc381a047309e4b16d71ba824db1e0562dc20beb6308a0dc6ef1f3cc0f69c3697e7b819ebcc2deeeb49dc68caeb7ea40cef9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 34119a1a5c544a3f0fa2c5df079f3f1e |
| SHA1 | eb2bd64a9d58a2b1fc914524d13e33c00c89fc9b |
| SHA256 | dc23844b64c5edd252f2195f4ab138994870cfce5aafcf7b7fe6829e31b0eb62 |
| SHA512 | b38e8746f5bc0fa002ab0221debeba0c783871d7dbb0fa965afc28db0625f94b11e86e1ea90ff41294e977ad3b5382dd6ecacee28e896c0f803c6457798c7deb |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 03:16
Reported
2024-05-26 03:19
Platform
win7-20240419-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000006efbed4f3855f2f21230ebb97180048c4f04a827bf304f1a37251341f17470b8000000000e800000000200002000000027b1cda4f66ab986bb5ad50b617ea96edbfcf24d2fb76c3544f535936572ec3720000000dd1471525d4dcaf2d1c2de7a3444e5d2cbb183d93d6a1710a681205503d2370a40000000c7b5ccfebb31fa17982bc40ef6bb89e1580a0979dae072bbab7c5abbfdaa04ac859da7eacfec93df71d5e64aa4678623811e495687266ff6da845971f593e16b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422855267" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not present in the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5EAAD201-1B0E-11EF-A346-76B743CBA6BC} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0e649331bafda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2028 wrote to memory of 2016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2028 wrote to memory of 2016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2028 wrote to memory of 2016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2028 wrote to memory of 2016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\742b31ac6a70b934b0582d9b463cfd3e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1BBC.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar1C0F.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d50be4269436914a8d943b25e0db590f |
| SHA1 | 17d68d61cc7d8169f925c2a3c256a2e92f0acdcb |
| SHA256 | 7eb4b239fc624e2bf68cbc64aa03d4de78ead86f7fac6e24683ca78a98cbb3ae |
| SHA512 | 16391e303f976b5c8feecf163466d712564607a5ac7bf0c652f426207329ef4e1e9f01c63f7005e86b0be072d7f1b208062089646401099db19818304d46bd25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8db753902332e7ae62807304f10d0543 |
| SHA1 | b0f476e338c7c264dfa3190deb9331ddf12adc06 |
| SHA256 | 4ba16b88365666ab94f80cf2191cbcbab881bf2023fc33f13e109e0e1a7622cf |
| SHA512 | f8de42a153583cc3109bbdea69a2da7639d4c5f54baef10e5495a7c6e005132fc4533335c25677f6985c8300b94280db7fe172ccb5ecf24bbdbc65b105a1722b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cbcde2690b59adb847e7dd550f97f627 |
| SHA1 | 1bb802d73058710aa10769e8f87ae95b5fff3729 |
| SHA256 | 2359b325eb2c3093b76bce83b4f14653c16c79ad40707fc4cb3dda5a36a2530b |
| SHA512 | 0b42fcca178c2478e10b18dcdc5ba2a84073b123d8428226884be2cdd361f4b782bfe7ff8698c2e3c4a1e724ee9ad77b695ba79780cb57c3729d80c7056f41b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f55226d37a3ab3b29f09fd2a6ea1eac2 |
| SHA1 | 2ecbd22470d737f7f18fe8ef1e1e2c8ddaea93de |
| SHA256 | 806c4b66fb6f5a2d17fb1014a1825d58c9bb467b7072be912bbe86343725269e |
| SHA512 | 15b062f49aa25c174f7c16b9263fe44601026f2ba383ce5ceac110a58dd013315e0be43556aa821281f4e69ba3cfed4cb1dff18c725031c47ed5f560cfd09f39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fc9b59721b8bc9b51008f346cf59f8c |
| SHA1 | 16d167397010685d6b415d335c3ba1d038511074 |
| SHA256 | 7cb76522545ac22b7782aeb05dc8d9996cd0e2ab0ee666b059a52774d1690515 |
| SHA512 | 2fa612de1cc01af2fff23f22699c2aa64e5b1e8358949907fdbc6ddb9cb006aeac214e192ffcec286ff6610560c0b25778ddcab7db3f2b9c7914595f0edbca9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b8bda0392a6bfce1a43365c86d791d5 |
| SHA1 | 4f432fdf146515a361c150e9ea145ff5e2aff7a7 |
| SHA256 | a3ce0a084929326725f85a4ed5c248f037978dd7fea403cafb60bb3c145e627d |
| SHA512 | e7c5578c1234ea8c029eef28e2ce6aef459c59b55a420981e753c096dc91eee9434207f4f5e1e1305950833dfd5335e4c79a2fd2ba43cb0e5aa1caf795539505 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be26e653dc0ca4a49bb97e43543da353 |
| SHA1 | 4f325c6dc1fa968e4b293715b87411c3da4da5a2 |
| SHA256 | 5b8f31f8366b6d4193b010cc7e7caebfbb7d64c864cb86f4c4845a8f48ad37ff |
| SHA512 | 320135bfb1a6aa1b446a79edc6e6bdae41c1fa266e9cc89e971c19faac043b07c57e38466417b05d443f0112d85c95362e9c5cab6771b0dd0334aea902b71ba7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bff88d793dd2d67e9cc017b142215f1 |
| SHA1 | 0d49c59d31c47e3d48a499fed314fda73e62b49a |
| SHA256 | 11420fef9543b25865120a4161fee35c22480a39771fbc59caa3004b68b89667 |
| SHA512 | 403d5c4b5830bad3e6c42646b910eed43f01d6bed9a24e73ca4f450dba47925967ec68f0ad286dc5449a5d2ac9f74dcb1ab3c1189ff3c18413fcc95deb009243 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c56c2edd85cef30710b0081c510d01da |
| SHA1 | daa4ad730f60ac5435a56dd2bdcad1b5cb90d18e |
| SHA256 | 557c8f4d082d9239eae6bc39d902cd072cec691a8928fbb7df58c492b234ba10 |
| SHA512 | 67d2b8e87b29c177bd2a5c64f8cb6635e112d332f88af2dd1f6d2a70367af688cf3748992b8dfa6d8dd26d255b2e16233fd314736d8dbcd13ceda0cd860b4e65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb3337b308bda7fc75f6de349edba472 |
| SHA1 | 44a398bd0c4703a723dffb159489f351c7de5428 |
| SHA256 | 89cf1e35bd52498c0cabfded81d5e1f315f000830dc54595f7ee0ff4cf4a76f7 |
| SHA512 | 7a7e812ee0316d3b41781731f25fd0655a48d05e936498eac1bfd399d5f4265626599fba9068573d06b577ddeeadf24baeab1a56e2e1064001750483a33af50d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e447388e4d1927fff0f681cbc3eeb41 |
| SHA1 | c4786fb3e65ed410533939800894f44747575926 |
| SHA256 | 3c76696a30435c6da3597559b78d613f0edf8bbcbc5891212930de7409d7a5fc |
| SHA512 | 0a17ac1e7111af1a3ccc5d175199c3c1733ba70fba9c7b4e1330e10188f10426d8fabc2878824a3985868ee7304f61ba04be157f407fa8be460fc88d3c983779 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e62cc8c677c845c5ec1deec357975d39 |
| SHA1 | 75c050340600e7e806084d5b2958ed20767a086d |
| SHA256 | 02f2c77316fd0c9ca78543c03f90b43eb762bd537603c26cbc839fcf2280cadd |
| SHA512 | 632f2c98ae3efdaad1194c6191fabcf7bed2d2459edd1c2ccd665ba360b5dd5e81c6a374991add2e8a37ff7e7e1565bec6a8b052dbff9e20f35a8341c12c8307 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2455393cf8508886d4fc51e2e86f6b5 |
| SHA1 | b3352a4797fc47eb1f21139213cc49ee90996dc2 |
| SHA256 | c421eac7ee9a9a0117503dbad31a85fd4d554b3b899ece5e68c934373e1001d0 |
| SHA512 | 17f6cefe897a1f7983c74a5632203e929ff57b90075cf12f50a8d6370504b0c57fad3f0dfb2a02e60dd301facf30e35f9b2e5a40e0687cd25b2710202d252629 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca6078c2d08ae391f53cc7e3b3f82e26 |
| SHA1 | fda96a1f8c755d8344a5cc8f1985989dd0184a00 |
| SHA256 | a149717f5c8ec74377565e4a3bf5935e72a18fb4f27e72ce1c9d71cad5fe6b58 |
| SHA512 | 2da9be93155f24ac7b528b83997ffd45cd101764160efd9ebac8ce32f79d6c329ff4709fe95d1277b9d414e387b44a0d264dcc1a3f305a2530449e2b6ecc1599 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2242107779bb75ecac0dbab20e1fa903 |
| SHA1 | ac465215ebb6e1da77429d1a7a949bcab222b80c |
| SHA256 | edb8998a902316421140b64c1a3e5afdb1f06d6681fa2d3cd52ae977d9d9bff9 |
| SHA512 | 66b9cbe348df0d5f6af0a81e9b5c3afa1ad8e4ac708691d5050b0967f10955c0236f3ed7854e78c61526c4004ba5547c036ab649a351f4d8b48b5c716f6ee822 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b82c216b7d7f34b61655d003730f6d88 |
| SHA1 | 21cfa85808e4cb6d72a8d820e9d89d140fed4c41 |
| SHA256 | 22481320c79c1743aea79516457ddbaa2af59623e1d1667ab4e56f6f2d34de91 |
| SHA512 | 74e56097ec0182ff656517a6b20642ad5c10e48863662182a25c605c247eed8b04ceb54bd63ea3443838ff51045e527e2c9ec8f34c2ecbc04012a92e6a4ecd75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 138e28fdb132162b655992a8b2265812 |
| SHA1 | 9811e5c6b5be75e9f59ff473e6ac8f42f7d4212f |
| SHA256 | 6428b602c7bbac372c1e44580fef0e78ab08712017cb7d59f693040ec9e99906 |
| SHA512 | a3487769d529a6a25c0b75c9d0db53cd996530cffb0a25e952cd3ecece43b73b8979e9dcd3bad2dd5dc67a0dc99aa50e989c45c884cc8c607b02618ebc44e412 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79e128a4ac09d2d5241e822709ca976e |
| SHA1 | 7197dafc8ebe38ce8c4514c40d744b4a993b58bd |
| SHA256 | 35366ddf6cb5bf53205452cb322d2ed0ecf08fd62518160e4b5fe725b716eda4 |
| SHA512 | cb03a5eeedc8fffdb691630b3ce8e31374e99b136f07ea3c457ce638d4db8d12a814a8232845e3496a72c1872365fccd3baffffe73ff4eb81883fd829f6fcf10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5403caa717c73bbc8ec561b695cdb434 |
| SHA1 | 020c623fc032add995346c73c267c697b2dcb265 |
| SHA256 | 0d82e7c03e0543669890126c10d564e0fb736cd6aab9e71089708d1d077454ef |
| SHA512 | 3aedc9c732498e02230b587d0e5a7f2958696aa941db699e88d604a4292fb750024bf22fa6e5d8043ce4f6bb3983001a2362b94adcaac9cd79ce0e5c4221a4c5 |