Analysis Overview
SHA256
891c87ddd508de28e2118dba39b76bc6f13320e8b01561890f48e216fd3fcc32
Threat Level: No (potentially) malicious behavior was detected
The file 8789e0fcf5137cfc863a415f1b716cb3_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 15:50
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 15:50
Reported
2024-05-31 15:52
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8789e0fcf5137cfc863a415f1b716cb3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6a6b46f8,0x7ffb6a6b4708,0x7ffb6a6b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2344,8860958320372413101,17460024696146421380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2356 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2344,8860958320372413101,17460024696146421380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2344,8860958320372413101,17460024696146421380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2344,8860958320372413101,17460024696146421380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2344,8860958320372413101,17460024696146421380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2344,8860958320372413101,17460024696146421380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2344,8860958320372413101,17460024696146421380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2344,8860958320372413101,17460024696146421380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2344,8860958320372413101,17460024696146421380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2344,8860958320372413101,17460024696146421380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2344,8860958320372413101,17460024696146421380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2344,8860958320372413101,17460024696146421380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1376 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dicksontnlaw.com | udp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.90.14.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ecdc2754d7d2ae862272153aa9b9ca6e |
| SHA1 | c19bed1c6e1c998b9fa93298639ad7961339147d |
| SHA256 | a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7 |
| SHA512 | cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2daa93382bba07cbc40af372d30ec576 |
| SHA1 | c5e709dc3e2e4df2ff841fbde3e30170e7428a94 |
| SHA256 | 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30 |
| SHA512 | 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c249bccd72b3889108f1611c58e24eb3 |
| SHA1 | b7c60c3129a015f327156897444035e4c0a558f8 |
| SHA256 | 281e42c5a65d69e25375396069dd5acef895f84542b81736814c7d3a235a49a6 |
| SHA512 | afa865c9cca8ba810f9c6c0bb97bbe3cc3129577853eb8e4b82300c9a5c8c7c01cf145507b7d4648224a8d922d5c848664d830b5eefa90b5427d19b14a5ee4bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 82d7660797332a41f8eebda62c5c750c |
| SHA1 | e7786627bed4e02f601965a05b6d8d016a02c420 |
| SHA256 | 2252d93a428e71044169bcaa93f14400bc4cf83e8d9fc1f17e6f85b740b90b87 |
| SHA512 | 8b6f8b00c404fba116a9db40444c26314a4a8490149130c60eefb6491a36dddef216b85e82d6a0bb28a6a0265f385d2624d901413994bb80cafab18de3cf1424 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 74e470c2687f8bfa06d209250e0187fb |
| SHA1 | 9e04291127d463db6c5fc903c4d57570a30bd0d3 |
| SHA256 | ebc41fa250f76edc56c1eab15a83c13493eaa76a7dd8b1962349115be8d9102d |
| SHA512 | 05c89ba6756e24a6ef6ec94df4c2e6f6720d03ba98651fd4e93666e2a7c6c93e4d90c95e46db7b714dc36cb1433141bc0c696dfe10033b106580c73c34f81105 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 073b7ae0213ebe5c16f96885633bbcbd |
| SHA1 | e2547b43619a8d26ab884eccbb7cefd69cf0fd57 |
| SHA256 | 78fc9c65b23f0f710a69f1f120b7ece5f44033fb437f7e419fcb2ddf7c21e4e5 |
| SHA512 | 8f173c68315f3871754e0b7aa563dfd9d34658d5d0bdb1b854da2951a069cf23ca17766d92f3044a5a34c5b51da8f727291334dce313fb2e9563f087554ca560 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 15:50
Reported
2024-05-31 15:52
Platform
win7-20240508-en
Max time kernel
134s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7DCAB7D1-1F65-11EF-8DB2-F2F7F00EEB0D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423332491" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2416 wrote to memory of 1400 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 1400 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 1400 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 1400 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8789e0fcf5137cfc863a415f1b716cb3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dicksontnlaw.com | udp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
| US | 132.148.99.124:80 | dicksontnlaw.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab210A.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar21AD.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b88a59e6f6bebb38aaf42f12b356f10a |
| SHA1 | ade5ecd2bb6b6a333609a5402e616406cfbc99ee |
| SHA256 | fa3d41fb5dc5993d323fbc6379b0b528f2607fae891c6ec473a810501b42b34c |
| SHA512 | 2a2a18c634021789d7250fed100e45bf462998144b038f3425694eafc283fde939672e3b4dc380f2353e7306c3db344ea80393c670b58f1e07c406bf826af950 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 816d16cacb751eea0ce667348859e8b6 |
| SHA1 | bb32e3327ae0eccbb8bd7f2d1055f58969e90315 |
| SHA256 | 4ba8dbf3b1289f573447d1eb9cc280b22751ae68e01648f0fbb64e86630da1f5 |
| SHA512 | 7d6db75dc8b54f1c7a16b0e2bcbbd417ab9faccc130530919daa7a35c570515d243edcf548aaffe2f010c941f26e30ced7c303cc507dbf025dcb043903d07750 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5bb4c7710d617556b3934c56f6d827df |
| SHA1 | b0df9c6b504f23c6de92adacfc08818042ecf963 |
| SHA256 | ae9fec109661e35c9deb3af6bb9f8f6035731ec5bc1be6e42e85e5e1254e864f |
| SHA512 | f3cb9eff6d741cb86bf8557dca867ceb7d121ea022aa978c3f086182185649616e01208825ee1489f45b8794e6de63ffd1f8010d739f55686b70fb08a0508797 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48dbfc2c4ac51ac77bfc1b7333c8bc8c |
| SHA1 | 9b2557d4018691a7f4442889d0ebf4ccb028fd7b |
| SHA256 | 6b1c6c3da7e85c544ecfd8dfab766589f95f022483312edf91e95d0b26ee0274 |
| SHA512 | cbcc23ef9a2294e56c1e7168e449c43ff9f55325c552ff9698fa6afbf4df0253351d536188580128ff09472d49fcb78eb7d7b2d0886bee3e41f6e24926e7b6ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b40a2472682b7cdb2def1c75e55ac8d9 |
| SHA1 | 0b8aed1e235e8b07731cbc28ea1c8a23ee268757 |
| SHA256 | 41866a9452af3eafb4633d0b409de6695767a49b2bb96e2e8290ee91f454f488 |
| SHA512 | 87d30b73d6f4ab04645fbb17cd72b958c7a381a1badd5ea60d4f08e00aacc9a3233a06884e8c27ba057486b87d45c8f589da1dc430dc352a7acd3cb4c96347f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f76932ba9cd318104421803e7eb24ddf |
| SHA1 | 2987c8c4c5dba3697a5ad134d079dd9e5faeacac |
| SHA256 | 22c5df9f4d64e47e547c99149d77ff34382f0c6a136cc465d72a251d82b89808 |
| SHA512 | 16cf321c6a203482726e49ae4b40f42528aac309481d53491103a07d5e33a4f32047b73e47439d75f10a0870bf3b27b34a327eff89a6a95f2d7bec41ccac9a57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f28aa5c7bae890158c2717bc0a2a75a |
| SHA1 | b174384c0c64ee19d30f748742bcabc6fa356d1c |
| SHA256 | 97b809bc81a30968760a9cdc5a25d7cca09da91badcd28859c995d862c86cd14 |
| SHA512 | b05fe7d60b910351ca14367f8fa5f2b0bbe1c8774a3870685da2a7e33cef15581527dab13e5ebaf10ffb198fdd4fdc54df032c0f1bd8ec7326259d2fcf0c1427 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8262e4e30bd87cab2c59b56d386c180 |
| SHA1 | 3429ef952df272c98cb47d21bc75b701596162e0 |
| SHA256 | 3aaf438e17deb3666bce0986936e74fb7061d90898a3b4b79f8f9b3cf68a4058 |
| SHA512 | bbe879eb42d42851fbe1f7243de09b8a83eb6e7b2baab220363608bccfceb49ca95bfcbd65fa762d270f98d6c7b3f750eb43ffe51d7f7db65cc8dd9dc5616eca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b526372b235414475438b647ea4a500 |
| SHA1 | ea05a057b3013899702c6931724f32653fce130e |
| SHA256 | 6e1be67500fcd55217e567cc03eae4a6b53ddcad9a400974866ff2084404e055 |
| SHA512 | 1470001b9327d66f988d54601a6fb9b43d2decff6fe2504b2d13fee81220a2a4219f9abc01aa4b3611ebfe0bdd7723fae71267dd26c01d23a1728542abd426b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eebcfb4aae7de8b036fc5328c2bd9c0a |
| SHA1 | d7e58b093ab21ba1cce837e1e41fc63128e724ee |
| SHA256 | 410182560bdd2cfbe681b2b332cd829bf129d02db37e02183c5909f90fdb9fc4 |
| SHA512 | 2f45186f18b3b686f78c1da76fbb4b7f7919f061795f8b706c8ec3be0923f2908790de20da49c308bb214af0f4cddc79478c9bfc1512acfed9265afebeee7b03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9a723daf2aa1c62109cc11a9af2108e |
| SHA1 | 8b7abcd08611f1d62166b3409cd7a96753e93cdb |
| SHA256 | 9284160b17211276ba3f6acf383b05c7b235cd46abbe789fe402db16878aee42 |
| SHA512 | 06d31e32d1768459a557cb873d1b87f16a73377d4992fe276daa2ae1c6d94d53369a7f914939be2e965e4d79fb6ce3dc6f95ff93e5a6f3fb78ee7af305cd767c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c0cea60000497d7be3642a1bad275f8 |
| SHA1 | afb9a7acb91a96e731b0a4582ca6ad7916d8120e |
| SHA256 | 830b68a8557f951a79e9701cd01f94f3d9444e0b6dc34301edb2020af56ce072 |
| SHA512 | 757297c67dfaef3afd7a55c749e3693b45c057b7a5e466bde237eea1844198c85b379e56ddca873a61415e98befd3f5d33cd6e1851ad247117825b09476f721a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35aec93d42c318ab93d2ec6ad70fdc9b |
| SHA1 | 3b87769b829e0e7bca5f8c923eb2f077b77ea92a |
| SHA256 | 2976d0a18a1ad28a96c9822d726f554ba8a3e43932ebde6141429034bd9e244a |
| SHA512 | 3a84371fa5623f0d0b5c705b55fdcd49e15268b80813a03224e79d90a0ca5a628600ca929c4b6f44219594b5d3f06428b2b5b202456f34f4d351afd561fc88f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 405ab876eb86e52dfa5c837a229fd10b |
| SHA1 | f50e0611081c3460b17179e1897bb6b6a5c52b51 |
| SHA256 | 26c888cddd20b98a20ef7f2a71610a84e1cc5f0fda4be93ca20b17b4251bab59 |
| SHA512 | 9eb13f83c2ee9b6c5bcce38e6c1f010dd284db0cef8bc7e9f8ff8136facd524b43e225d102ea6263833b21bd36373e68772f5cfe41c515cc0878b87e398e1da8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e554e122394419ca79e2f19d0159633 |
| SHA1 | 656089728caf9ebcf0bcd9f87b58035a7486c945 |
| SHA256 | 68141aeb648774d2bcef8ba02cb888622dbc4f39bd9fbca8e7cae85badbc714c |
| SHA512 | ba36b2c65e7b35a95d4c8deabf6d00534962e36e9085e21a81c3144db2c885e5ebb971a2093d987c81ded551b8fe3b626200aa1dc81cd4dd401a88b4184299d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3528808fddda088da344f2328b02732e |
| SHA1 | e73569ad94401f11dfc92bfe574df24a8e63d46d |
| SHA256 | dc9b3969750a8b469c79f3d2b0c7460b50a7840987685502bca6295efae20828 |
| SHA512 | 6c14c355772c252c3cee0641cd4ad894e5715db5deddb3298856a5ed040e5e7bb9b9ca8818d353d0e51d6d85fc3a030c0d50fa39eebbd2e204b3e70a9ce2798d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a1e4fefb9ef20f3c2398fab601eb386 |
| SHA1 | fa57b5b485cfb04df144ecada070f1283846d4d0 |
| SHA256 | ebb02169e36d0940f580b2fb0fc3baa0b70631ae817d9d0285ea4e41d9e13597 |
| SHA512 | b5c8e69fb6a86d82c0bc987d7c7047015d5f48fcb6c1fa5b83e01a7a16e651e6f941b13e59ab39802c581b2403d0c0fe8fff6f371a0bf3f6bb48c7a67737f683 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcced74ffe1639fc817eedc109b496da |
| SHA1 | 31775a8ecb9e7b419a84ef8a336dc05f85731075 |
| SHA256 | d9353db2761c3f60e55fc2eb56ad4777da2a50b989bf43472a7d14427ed0dfa7 |
| SHA512 | b04730b3ccf443676705bc9067ddaad82cfea991370493703b3e386d24de090845cd5db76932eda5690edb4c8f14dabc135b9a9f4e44d0c1c758f723c16da38a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 756bf8c25179ae47a2770ae2a1e092b6 |
| SHA1 | 5a945bf14e353dd1dcbdb883847ff084bde74c81 |
| SHA256 | 71725956fe54c3849886595f9ef1dcf52b9b839579c1dfdec84d2f314a1156e4 |
| SHA512 | f6d0a88425f79e1eee5aa6271c458d682c0f539c2b4dbd4f8bd545203dbbc8e367844886335fb2124175fe420a572d8b67b9184615f48217105a737f9a536f57 |