8f6722c6c0a66019a2c43bfe55fac96d32195b7ae295cc848fa1205b8ce2c649

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
Size

25.5MB
MD5

8ae30c8be4625767a1073a1912136e2c
SHA1

227fe088986be2a394fc3ba9e6f4a992a08759e0
SHA256

8f6722c6c0a66019a2c43bfe55fac96d32195b7ae295cc848fa1205b8ce2c649
SHA512

3f87ded5e2d481dc5a0ec0445dac0afe2aaf004e3b0aff3b0edacf70b602011cf8f215757edcd2516a39715358f4672c0f27e235e9035b860247ee5ff1639c45
SSDEEP

98304:XX77GBfWfaOCzIDQOl/1sYOXwnS4rVPS9mKV:vGBfWYuQo1BIBmKV

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Cortana.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\wmplayer.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Microsoft.WebMediaExtensions.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\klist.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\MixedRealityPortal.Brokered.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\7zFM.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaw.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Windows Mail\wab.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\servertool.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\orbd.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\MixedRealityPortal.Brokered.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaws.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\GetHelp.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\7z.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jmap.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\jjs.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\xlicons.exe	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe_	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe-	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e85b5ca2d1272946a4d1f0b183b85ba500000000020000000000106600000001000020000000458ebf80c6bdca1de37f47567e8ff473b2e05f1a8d7f56b82c2495ebaf8e3457000000000e8000000002000020000000d69573f0f7c80a27d1ee9379e87bca38f00bd0496d8cc9146e709e711b05a6c520000000d1a09e257487bda1f98b877df5f6957d83ac2dba5f61347d896c91202f37bfde4000000090796fc16ae36c719440a80ce53dc9d17a6ae69b648ba2073a075c1a761e5626f270d3a1828c74c653ce289ad033dfa6b5d28846c53f11a1ed00bf496bd3cb2e	IEXPLORE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7000432438b4da01	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "560248362"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{47E7C836-202B-11EF-B9F7-C69DB2B6DED0} = "0"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31110200"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424020555"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31110200"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31110200"	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "478247733"	IEXPLORE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e85b5ca2d1272946a4d1f0b183b85ba500000000020000000000106600000001000020000000565eec298fcc32340e29cb6f4e8f9cafe1dc9feeb1827fdceab8556db5d02e82000000000e8000000002000020000000bac316176df3564c1de64dd7253dbe211d55d8f7e72361f954e59d0c1d2492f220000000c6f6eac8463c34f1350a322d0a3dcb52e1a615c76f40490ce144941f747293674000000007d03b854d82195c7a8cc22aeed1b49df7d3d76ee31a39f69ae84820572974614580fdd2709cbf432a13bd4542a70b0a3c2d2f857ac1f01f56c31f39e972e873	IEXPLORE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "478247733"	IEXPLORE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50ceea2338b4da01	IEXPLORE.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2464	IEXPLORE.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2464	IEXPLORE.exe
2464	IEXPLORE.exe
912	IEXPLORE.EXE
912	IEXPLORE.EXE
912	IEXPLORE.EXE
912	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 2464	4948	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe	90
PID 4948 wrote to memory of 2464	4948	8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe	90
PID 2464 wrote to memory of 912	2464	IEXPLORE.exe	91
PID 2464 wrote to memory of 912	2464	IEXPLORE.exe	91
PID 2464 wrote to memory of 912	2464	IEXPLORE.exe	91

C:\Users\Admin\AppData\Local\Temp\8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8ae30c8be4625767a1073a1912136e2c_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Program Files\Internet Explorer\IEXPLORE.exe
  "C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:17410 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:4616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
54929d49151f3d1deb92d4882fd7f29b

SHA1
74fb1bea4c7ba9b9c69aacab601ad211cc80e12d

SHA256
39e5885ca8868a5612268f987e7007fb20526221c11af4e62426bbab4fdc2141

SHA512
3900823e9765f7cde1d6148c9d9de8079805d30f421728cf675e1c1264440be1a037394edc9c1e0a4497d2658d7897784a96062b6eb1b829ee1245fadb83087d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
0334c7de289c66fd589df6fcdc38bd4e

SHA1
4945ab2552acbc7deeb95d08ebde6bb0f29f3b57

SHA256
89c379b4a36fed0249c7aa669440cbfcd2f21c3de658ec486a59ac2ff626afac

SHA512
1741ef0383c081e453dd2b6fd7208673f3a12500cbb402fe9a0150688381a398dfa081c37ee9fccda8621170cedc2b18caa2c78b5b15d77c8c5691ecb26fa22f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\odt\office2016setup.exe

Filesize
30.5MB

MD5
2f6b406510e8db585511289632c3cb4d

SHA1
fdd61276f4cf5a2144dd1a9ed7bf82da9d3fc2ee

SHA256
c0f74da3f1de2bf4ae644a7d2a6678bf996623a60b757a3cba399cd1b08e0f81

SHA512
cd9360edff8c0316c9ce53d99e05a84b87d4ef2d6a15f5a38630c66f220520ad12fe622f5e9229336af1a2caf0cca36a5fe617b9b3f483b73fbae6ac7cde69cc

Download Submit