Analysis Overview
SHA256
ca9993cf80bc11dc55e76bd2cd0685bd44749eac443261be9e71779b3c8ff59e
Threat Level: No (potentially) malicious behavior was detected
The file 8462e6b40b96ed7382b0703774fc3677_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 13:57
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 13:57
Reported
2024-05-30 14:00
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
128s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8462e6b40b96ed7382b0703774fc3677_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8517946f8,0x7ff851794708,0x7ff851794718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,13678461202852452569,18041826302406344242,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,13678461202852452569,18041826302406344242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,13678461202852452569,18041826302406344242,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13678461202852452569,18041826302406344242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13678461202852452569,18041826302406344242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,13678461202852452569,18041826302406344242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,13678461202852452569,18041826302406344242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13678461202852452569,18041826302406344242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13678461202852452569,18041826302406344242,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13678461202852452569,18041826302406344242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13678461202852452569,18041826302406344242,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,13678461202852452569,18041826302406344242,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | ww1.srv.desk-top-app.info | udp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.63.190.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.163:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 163.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_312_JHJHPNYFDMAQTFKT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 18446261d6b78d4a5321e8c638221992 |
| SHA1 | 5e89a2e49bd336b6f2eaeecfa9c96bf3ad9be885 |
| SHA256 | 590272ab3305c8590604964c1cc344ae32b20c8673a866aae87dc7f50b6c04d3 |
| SHA512 | 6250ed4cede0c0f10daa1ba6ab986dc8e50c0b14c517e85ba0f60d80843aa990bb24b068db20eac34d83c8c38f6b4961df4af25c97e23fa41f0285f49f9fef0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dbb736536685d5edcbc18a687df53b2f |
| SHA1 | 00cd67836f76f80cd9b67909005c7e2974b07f7a |
| SHA256 | 3c3db3a67e7570c00276930cea879f1a0fc23dc41d782a4f6db3087f42bb1a0d |
| SHA512 | 6c349ea918d4c8cea96466866683500675a7272e83edcd26c93d5e18021b35588c11d8095deece75ee5cafa9d1354375a32c65281fa3496500447cfb0b95201d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 429130d97a130ae52248aa96172c9824 |
| SHA1 | 3d57a4577f8e715f46cec7111ab91b222aecf47b |
| SHA256 | bd6e21c7f7086a7ca77bee49fdbbdb113b51ee05139af1aaa958f2b77abcc14f |
| SHA512 | 2f911b3b66cd0c097ab1053eba54387f70d3c1056b14443498d19ff88aadfa29b28981d02a48e93f00a118005fbfa6b55311d5bb2996a37b12bb08d2958c4a0f |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 13:57
Reported
2024-05-30 14:00
Platform
win7-20240508-en
Max time kernel
139s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000c7cebfddd3a6b28ef85474f9385f156771dfdbe5781c73aa2896afb8fb72cef8000000000e800000000200002000000014aa0d9cfdc513905bdf225dc0fe94d014cf5b5357c9ced2e75d85a93832ffa02000000070fef1ed1457b6005db12fde7c40e35e5f6e523701e826faf237c03d34671b0540000000a718e3d8d534e8ae83959c8d06ec10805391e6f27d1f5518b5592404f9a5fc66561d0803c1a90ed1d9a8c9d8d4fc5ec646e6436661f0495e9c734a809cda4d84 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9F96F561-1E8C-11EF-B023-6200E4292AD7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70a4537499b2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423239346" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000ba6857d83a9ac6f3831c793fe803aa161db2e1551fc40bbf016e86c3dfe5e1b3000000000e8000000002000020000000e7bd277b15ede5efcd8e78e4e461244b27d30dd87fc4ebac92438a8ade42b90090000000aa5206aa43bcf84ec59bbe2ee5ff6b9ed1d0c111a2427760e1044d0c165d0d5aed6c6f370ee4de52bb5448364ec7f4586b704a7d9c8a5bfb5b2b9c2d11fa74c2eec83fe070eebb6ff220e679a227a0a1e11750cd11e8cd7990426916d383182c45326437e687c54970900f1b7618d13bc53c119bc6a03b7c9063a78b9969de4c685ba4dc46f58b9e838dbfe557d254bf40000000c05b4818997a2d9d7cc6ba543fe03d63e83bcfbefbfb9e1c8e7f9a400b393f9f8cbc6c5aedec7ff83c13c3fb2020980307ba863cb0bb4b4036fb26ce1e4d9b7a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2252 wrote to memory of 2580 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2252 wrote to memory of 2580 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2252 wrote to memory of 2580 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2252 wrote to memory of 2580 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8462e6b40b96ed7382b0703774fc3677_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2C7E.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Cab2CEF.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4aca91a00db6347fbea1b6cb53aabad7 |
| SHA1 | 2652e15f6126839b70e60f1e21c05f456bf00415 |
| SHA256 | cf84c8a019955ee5387ce27d96ad121b554b910903bbbe504c62147c88fdbf0d |
| SHA512 | c19e7d5e8a573789f7ae98deb4ad7fbd8044be4c8b77f008b437a6d79bf8dc4a75bc7969553cb03ba1264c8187e3249cbf6d16ee42ac072ebd74bbe546001001 |
C:\Users\Admin\AppData\Local\Temp\Tar2D14.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 668d0d529048cbe644b8b00794ec64c8 |
| SHA1 | 760f198fd07c27170e9db179c698336972ab4136 |
| SHA256 | 5c8c568583ffdce3f8872405e7f30f098f39d6f48b487a1c7313829c10bdf809 |
| SHA512 | 88c17e2cc88cfe9e9ae3712039d3400e32b2db17ee7b6a5f4e4711df8d451fe67e2d8a9827462dd378d39a5253d90bec7d8733536ff9863b7639ac3dda36495e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3fc7526ad10c72f1f7bb8c51273a772 |
| SHA1 | 95ff61c3f94b26f9bb48836e62410e0044454e1d |
| SHA256 | 1f48728c3bf21e4aabecbe01fc6ad832a00a4c5ac2f7eb529f4b082e02edbe93 |
| SHA512 | cc24dc93af826acb5e4095108314cc8ebd3e62c682c7f66ef152784a497b3013b3295674a2b28239a4d8a764194655d06279f51e8e842320f95c46b635c7d471 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 754ec178bb328bf5eecc2aebf17e17ff |
| SHA1 | f3c9575993a1db7516bb8f3a7800c0c0908b410b |
| SHA256 | d9ef1faf8c1de65e5606f70feaae13fbaf1281b47deeeb128fb52f51ed4cd90e |
| SHA512 | f8cec3e3acaae4eff439178b85db55a5d10d91aa440be641ff3491664329708d00e1eccbdd267520c537b96b9ca0b91ec5a1a5aa71c2265434d6c3d29d8ec22f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 965bc1542070a0bf4c177a20404e95b8 |
| SHA1 | 18f32eba4bae95d76974e0cf9016594dd623a6f0 |
| SHA256 | 43ae325102cc6483774d7a7d9796a746710cd879ff8658cc2fe8fc92d0f11886 |
| SHA512 | 3384ccd576ede93ec94317a1bb6d31f139785b4da0b7c3f3ddc8d126d3db7dae71254b075823ab4cf6bf1f33be6b51e2fae25a089c4e67fbc2e7256d4f6adbb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80125fa431a4d2d3a02f52df96ee1abf |
| SHA1 | 6a86aebf585483a6496b21fd78939e19eccc71e6 |
| SHA256 | 4a9d51c94d1cdc76d3b323e26db6b3e68dacf19644dc83eea4aa25d46ee622a3 |
| SHA512 | 03b04acd1d003e1656cb8a32e3fc053f45a36090a5d1962a482e485625de938442027ed174745cf1e8218f6c01677b21d08d4e94166fdbf6e6932c6359df16de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a9bab2d4879d216d8edf6eb150297fe |
| SHA1 | a45aabab91ea93ab8b9e903c70c6100b26c20d8f |
| SHA256 | 827589167b006022c93ddad670d57f4d14a6ec8b2c8160c4997ec73e9ea3aa0e |
| SHA512 | 40a8334ef18ae7665150ac726c6d8af77a1caaea251281e171dc420ce28577e0f51301deb439f3725240b9e056c5b5f48d7b28c8dc8446f69a5bba9177b2a463 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fb6969cb97ea8913bb27b64885c2cba |
| SHA1 | 8c6de220a532835d43030d3e3c3cbb0b0cf2eb44 |
| SHA256 | b1c27bee251e5bb3fc679e5f3d27e70998c3970514f03570f53fc781622e1010 |
| SHA512 | 8679b416a16ad6ea4859c685da81e4d70945801a0dcb02af2ca84afc2df8867bb5e69b949d32cd9c286a8bd6a5a2d11bd961578b85f6875703b3307e7d9f934b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b80804350d8658fe2b4876cb2118b156 |
| SHA1 | 882459512493b6aa02e1ab5997a5a238e54716c5 |
| SHA256 | c2fc4e7b4b649f8fce1d450a297515f2242f1f6477edb50b26d2c968b908e54b |
| SHA512 | 683a45a6fc1c1b063fb4c8fb01e72bc5324613f7f99cbd91676e0a9db95c82b35df9e2d455609a3268594310af3662db898209f841e999c71ba644c980414a5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e26bd9017517b31f66e3d45c1f078ee |
| SHA1 | 4441664abbe188199d38a1d82e9abd8df2dc87db |
| SHA256 | 3783ef1628a721969a9d0879401dcd8e68e7ff8c4ce2897b8730cac1fdc64604 |
| SHA512 | 099a92eb4b9da222a9bb9f294f06b14dac569978a0997f65c6edd80eb84bfb3120a2f72bbcbfe23ef765634f65b23867628f2a0ecc2ff14f4ba663980182739c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b77ce9fe43f2d76557b4713f2d862af |
| SHA1 | fc807637c6eb0fe797acd3448be2d0f80672a9a7 |
| SHA256 | 202d67f22a34a5425cb957d6fc372d1efef4f41c7646342f1087428b06d2da05 |
| SHA512 | f9dcc07301d3934468edcf829053084d6dd7cbe7d3b54b35b1654211360a2ff73b82a2d1c750d1ecc73377bb0ddb1044b4b5949574516df6ff383b477b4ac209 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 739bd60baf9b128f01a8c2f70548784c |
| SHA1 | ab2eac1707abdcfff4b25773ed569b53e98a863a |
| SHA256 | 9409afec880acba13fb25677ec200906691acb3f6ca9cae45fb04d77f9e21317 |
| SHA512 | d2ac3b35e44a7723fa2e76a3443be483b16169a9b8bb9533aaeae45a692046f1b472b6ed1f8d389ab71f36b286f30babad01358ad6922269cbde4369ad77c84d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0b3861dfa31945766345d4db60af429 |
| SHA1 | 37f491c0ef09fc4237493872fdb1a2b6fb71a272 |
| SHA256 | e906decaead30aa9d58c0c78713612e3d346f7af7272dcae5d67b7bec56a861c |
| SHA512 | d447b28177af02a58d086787804139a3ec7a25b566d82143a0d10a23d4d30475d61aaeb52ccdda491f38e9b0034f3acbafbeb9298e3ca18b52e7f7fc5c9e0b91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d28540723446735fe39f9f1cafeafbf |
| SHA1 | 00e4ec1d6770ab86dec8a0b6deaa5b96eedd4cf7 |
| SHA256 | 9d9921303f5861bd4b568bafd02be805480d898d46c6058b3b68dcd90fe385c0 |
| SHA512 | 387788528972db349267c4f89dde1eff4095df5f5d54bba8401e80a501eef2ea71860220d63d508fa14aa474af6f6570304ed25bbf3c3981cedc792cf656278b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd0cef034bb1922af3a16d37cc019006 |
| SHA1 | 55dd0c68865eda1b40179d16b9ccb2ad2c2f9d4e |
| SHA256 | 3de535097b96ea9603d0ae72bca5dcb912c70a812f4c469f5abd1a8e46360c5f |
| SHA512 | 8822182decd3d67f272d7fb4fe415036f80406c50ec2f91c87f8c3d8b8e789dab4c024820d2ed5657c9f70c26ad6dae9cbdc9f98bf69a095aba3c3b17f9c70dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67d9aa6c123fa6720973370100cc74fb |
| SHA1 | 3d2c54038c876458f6999324bb5cc9eddca98498 |
| SHA256 | 1e5b96bfceac75fb5f9af8d22abf9fae1645c935d7428a76d7ec07f95dda2150 |
| SHA512 | 8969e8303444edcb16269626c226d371d6fccedf842fd4d40505fce1ea1ad215b60d6ac112c2851da9140d6cd797b301bb5a2e6fe4ad99fa67bc2c56f62f0145 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b941f8cf7844c736b30a9015138021d9 |
| SHA1 | 174c01a0186ee54420d8ccba253afc5be9991cf6 |
| SHA256 | a74e3be7e58860dcf8c50e33dc433a62d6f295021db17992471eb6cee29ee0a0 |
| SHA512 | c78023022a97fcc600662418cf80626c173809323db6e392b6df6bf6768e7175da8216254effdbed441edc9170e5cd95d05e15f368a51e496cf66c930b63a0e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 997aedef9b9502ef6147700e577d800d |
| SHA1 | 4148e35305e4662e2c9c636ac64f6c4bd37f729d |
| SHA256 | a85bcae343abfc0d721b77d124f5d81d59ee9ede389f9560c9de23604dc0425d |
| SHA512 | 2d13cbda5c479d1fa7613b52b45b31a7ba5ad1cea7f5a04ef0cbfd6eddc863445a951758ec4f2ab1c16ca2731b769e895b17b5f7b3fe2d3fd4f3d9206dab4ed4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef67df43bb769270f26285ace8f97b47 |
| SHA1 | 79906b6ab966b30d970f025b3ef31fbc55786edd |
| SHA256 | f6fce139f2d822f9cfc6f69a9d6b9125db60e1002590528b7b4c4a5d8942a302 |
| SHA512 | 116458ac7ed355191d17d3fb5c84683d57c520626bd104abda41a1459bbcb4cec0545e29e1b28e79e929bd96aa018e779ae6474cb40d9134ca6d0307a6fdb9a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9980d345ce3a535fa04f11cf639524dd |
| SHA1 | d063a68c03f84be59b72fb01a38baa60e60b97f6 |
| SHA256 | da9321fcb1d2ad3087ba00635831d8cf3754950699e49235a67bb7861df789fa |
| SHA512 | 65469725b1eab4a8de5c50d6e0e161bb71afb81cc3f31909f5c51fd6ef1667457dbf99903d79ecd06b0327f2d8da1d2622871ff7706ddfe7051a5a57744ec340 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1ffa351e1db26ba4e0f95ffe75c0cee |
| SHA1 | 7f6258f161dfd3ffe7649b30a7897cb4007c7862 |
| SHA256 | 678e78ae08a8a8ad6587613718e6c3d440ee5a8522a032afe62b1423a2b45454 |
| SHA512 | e6b4e926c790379807c9565d8e54164027b4a6de4a618b6e6211cb66786fe79f08cd3c815cf5fb42a1abe9a738dcf6907f13f16152a327a8c850fac4c0f3f75c |