Analysis Overview
SHA256
825e6310dbc16833c3ba0c38d1542b4d9cd2ae295f41f5977446b9c9a9d73682
Threat Level: No (potentially) malicious behavior was detected
The file 8c7d2e44b52cdad23ce6eeb70d9af2ea_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 01:39
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 01:39
Reported
2024-06-02 01:41
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c7d2e44b52cdad23ce6eeb70d9af2ea_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f56546f8,0x7ff8f5654708,0x7ff8f5654718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2349674763556829056,3448556395243463538,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2349674763556829056,3448556395243463538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2349674763556829056,3448556395243463538,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2349674763556829056,3448556395243463538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2349674763556829056,3448556395243463538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2349674763556829056,3448556395243463538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2349674763556829056,3448556395243463538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2349674763556829056,3448556395243463538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2349674763556829056,3448556395243463538,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2349674763556829056,3448556395243463538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2349674763556829056,3448556395243463538,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2349674763556829056,3448556395243463538,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2724 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | int.dpool.sina.com.cn | udp |
| US | 8.8.8.8:53 | www.jscom.tk | udp |
| N/A | 10.79.217.129:80 | int.dpool.sina.com.cn | tcp |
| US | 8.8.8.8:53 | 12.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| N/A | 10.79.217.129:80 | int.dpool.sina.com.cn | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| SE | 192.229.221.95:80 | N/A | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 74d94d169808667fbf73c42bc35106e5 |
| SHA1 | ec621f0d395d2e371217504f5bad0277eb0a7137 |
| SHA256 | e1ec95c72bcc609a723592df0191c524e602a62fe5ede8c2c6ec09b539bbe13b |
| SHA512 | c447ecbbc5819af4d8a68e8e7e7c12584b5bc579ba1d08031952d30efd76ecfb25805e04a50054d59ac573f6ecfdefb36de5312e6c7063658cf0a3d877c6df7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0cd292f8fefd49d551088e601645352c |
| SHA1 | ede6f70416c3ba4c02f90ea4f3e17cacc7817280 |
| SHA256 | 1f00b72211ad49868bcb29ee618ea5514d6436e683dcdb23f2a4ae5d8fc5b8b1 |
| SHA512 | c9781ef4d1ab43db4e84012ecffb2c450b90a0081ec00cad95ab5409d4b0ef72bbdbfa3390d27ecc831b082072b65e08500916e6e92dd6ecd3817574346535e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 478be705599818bc98f2f90dc3c4ccde |
| SHA1 | c4a52d6082d71d371c203206b726cda34ec76c0e |
| SHA256 | e0fae327be337fc1b724d865dd711c96230e17c7194a156e6b55aae34224a267 |
| SHA512 | 9a6668837ddec2673d861ad48f6789a49ede557f1ce80d8de39f4a523b796a5eafef6a1cb6563e5febf90449e6c272e9f29d51acb6cc8c88bb5c83df01a5b100 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aa547e1ef52139ce460adae1d16f2b11 |
| SHA1 | 9040b0ffd255bec9624dd9b2f5d3b22fb44701c6 |
| SHA256 | 16c1aa1e4e5402d340061e9db98711743a8c36e17004e66d2b3268a5a041e540 |
| SHA512 | bab9e46f04fa06f04a1054bee86d827c856ada53300fad7cbf63d6bf5db42aca19ff515bfe76751647d6473a3b22a95a7a97ab5c6474b431e8a9fa7e7417f77a |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 01:39
Reported
2024-06-02 01:41
Platform
win7-20240221-en
Max time kernel
117s
Max time network
129s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0ec29da8db4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423454225" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EC45C1C1-2080-11EF-822E-56D57A935C49} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e63986395b366d45b7f735fba3951e9a0000000002000000000010660000000100002000000077b07e4a9b00f56d0f49fd9a4c6e9f6af671c15b175172a30e22233a9b304d60000000000e8000000002000020000000beb5b4b37609513e577d520a8b220d2ef6bece6b46f82adfd540301eae0663a4200000004422a8052779d56a08a70fdccd59ff5d97c57fe6b92e1dbffc08243569afeca740000000ccd2bc745005ccdeb37c52ff31e8e62c94798c8cfdbeafc30ed239c2ef0c04a4348f60c8f620d0b030f7727f7ca6e8635749c0f2d51c764aa3d6696097ed0fa0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1736 wrote to memory of 2016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1736 wrote to memory of 2016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1736 wrote to memory of 2016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1736 wrote to memory of 2016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c7d2e44b52cdad23ce6eeb70d9af2ea_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.jscom.tk | udp |
| US | 8.8.8.8:53 | int.dpool.sina.com.cn | udp |
| N/A | 10.79.217.129:80 | int.dpool.sina.com.cn | tcp |
| N/A | 10.79.217.129:80 | int.dpool.sina.com.cn | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabDAE6.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\TarDBB9.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1412446dbe6752e422f2faa99749c9b |
| SHA1 | 530cd00a0353ed892a579c1318eafbbde7af1bc1 |
| SHA256 | c5c2c5a1b55c96a1dfc4ab7d050c746ce06b613940e47f9a472dead787c3d648 |
| SHA512 | f6dc302f5b92d76384e723bc85a7a7296aee60a776fa5e217f3359fa34300a23b972e040761313fd2f90f066cef0be4f5f07a6602d96975e16fdfec3e5e36b47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f93586ec61e64d9fa47190f68349ea5b |
| SHA1 | 2af1544f8c2e826d32a9581fc8c249829cc2c666 |
| SHA256 | 1b57258ef4d83edb465d454042a8c6fa67b1ca0e6941627b3960a68b28a995c7 |
| SHA512 | 41833dcf5fc5c85260517016abdc8c7d69473871bcab5c6fd04bc7793a993d0d5dc41248f93accb6703909f1de54939f3298297a206eb5b94686a6c6882e9cb3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99ca3567eb3ae62611de87b61d99e348 |
| SHA1 | 01ae4e70ee75a9f1ac9c24fd3d54873190fd74d1 |
| SHA256 | 2dbd8662e6175682067dbb7ffe78b7d322c24834fc5917118432ed23fb114528 |
| SHA512 | 04113437f1335a9eb0589e8f73ffcd4e2ad1aaf3d3aff4b170b38c664afe757c9d3b80f6291171d4183c686ab8d398a8f0f0ae280ba058446f68e5f11195dcd0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 909da8df1ff9c9d2ba60f2db745f236c |
| SHA1 | 4cdc3f5430e2c5e9397cd6e69275bdc2fff4846c |
| SHA256 | 4db5f1bc16a0c5806660218a791af5a97d67a2ff000b49323bf05ccfef6bb1d1 |
| SHA512 | bc160632627aefea8450df87a35f0a3017fb1dc9c6f90a0eb3b046694b52ce44be685c7f7a52dd4912c0490c99d8c915b72482f9c8451faa138d93a6feb3d603 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 922d82e415b414800a53e5666bf7198d |
| SHA1 | c32bd027a5b316a82ff792e29e32c0c82c26f897 |
| SHA256 | 96da245397341bf342f76da800ff6dd1252279ae030a1e052655383bb6fb1a0a |
| SHA512 | 230ca85a026cb41a989212af2560e9af02e1d20c5487d949c7b0f1354156d4d30d4c6ec68607b3182866d8181e4a461a429b78269d1f5fe10d2ed122bb0f5180 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ba60f15e4737f643b9fff5c098d7b32 |
| SHA1 | 5922459d9767adc18707bf8d2f097a4f90a539cc |
| SHA256 | 67e20a96e6ea1f2e9a282935ceeb9ac311ec627e8ad20eb001b8dbe555878ee7 |
| SHA512 | c358ec2b8f57af7cfd57cfb274631ec467448b8736deeac4b7a19c6ed019c26b4b51c1cff826bc5b70a142e071f27b6fd1ce25904508eb95c89724f82178ac5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 347a4010cfa2f47aa042abc7bbb36b01 |
| SHA1 | ce63c4268568686bc40761b47f865738dd9263f5 |
| SHA256 | b8627c3711ada1c6f73006b21b510eb668f8147a6cd68b040d084ae486143638 |
| SHA512 | 333f753f4432d39c87c694621ab903ee6530cb18d1eb338d169d5075f44f7443fcc63b880dbb945b3bf4fd1a73b6cc29069d9652746f1f2b871815b39c55606a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 925038a469f8f0f53d51abba9a30e463 |
| SHA1 | 77493d31cdcf38fe979e07ef33b40fef87a0770a |
| SHA256 | ee07b9c2ddf674a3b86fc4513938057662955cab2566f345734091a66aba2367 |
| SHA512 | 7bda2dab2d209de765a73056f2a92253f5bf80ab2b3772ffef3933cc167972da85913a0b506705445049dfe82f23d90a05b7012ae1367482de0d6b0d293e6c4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3660023531891e04ad8daa19b2e036b3 |
| SHA1 | 37ed70a5d2a8594c7ab0d037d3a54d001e8cdc26 |
| SHA256 | c78d6ec55086eee387ae1e5023d0c438f44a262b0ce2b6e81d7e52be8de922ea |
| SHA512 | d4d0735f6ffb3be6a6812b3d5b9616d74914300271ed7d42c8fa391efcc7de48e84d9ecda877f1a1d7b289e76a49d21ee4caff667f1ca6765d6f78530fd63752 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc8b75272658d173f67be8ca4babae55 |
| SHA1 | a8f500003d24b27e356f16e51d63a838a0be5ace |
| SHA256 | ffffe360b50c80acd1b7c6578433dcdd5eaa35f3bd5aa4273f26367f1217e618 |
| SHA512 | 7c772b4a6f048a112b813be55eaec71597d8f6876cc36dcf3a0f3229542c89e49b1386d4492b2debd485937ad1c33bc501ac86ce43e4cf9ef403909857d1c318 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74a7b8fbd1007d37bd37df440de61b42 |
| SHA1 | f8b6ea9ed1b204ec915642302e2b7c3d96d7970a |
| SHA256 | 3de5b61db3b159d9710a17c07ecd61c2842f74260f002933937dd3beae2c3d6e |
| SHA512 | b3e39e9034bba2315e1cc82be8e7e80c02608100703346fef44a007c145d5be466f1dd7a01212f0e13bad2a93562c8fc01fbde8941bdac47947d8c43505b88b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5a3281cb49bb239c118be5428316cc5 |
| SHA1 | 8dad9a597e9298e5264583bf0070b44714231c61 |
| SHA256 | b26ca92ee472918ae736b06ae88bfe4756f30f6a24e56976f58ce10aa1f37ad1 |
| SHA512 | 2f68ef81dd9b91fac1c0e1045b95a071427640c6fa771e488ac59a1635fc6064e75244f22a4859bed0968abdcac2c0752710b9007962b260722f269006aaed0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd3fca9311aba0935d3fed8e5f4fa531 |
| SHA1 | 5552e6db29bf56cc07c823c5db52171e057dd7cb |
| SHA256 | 58f2bf4cc77b61b79063ab41ca81da77ef86f7735537b5da2e7204a423521f0c |
| SHA512 | 54c8e8e6ff017c68469dd5fbd1e657d6bb2dc68e7ba0ec7eaaad66e547e828c39cb5ef8f16477dd5dc09601b85e8e9af1472c36719c798c55a4d3f1d09ee0d16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44caddbbf1dccbf2e387844a5042e4a2 |
| SHA1 | 96d92fa93cfcb6f810b88643bcc1f9e5026b3894 |
| SHA256 | db37975e63852d38ed800a9cb9e2031b831de9945f6c8f4e4fca12ca56e668b0 |
| SHA512 | ec35d852b43463b71783fa7ed2764b7785772a897fa0e840f75e9af497252369c693b643bb2378596e08ea7c4790fe22f192c517641c5f103eb5be6cd2a1e394 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cfcfb46305fc426e3e5b53f41712b6f6 |
| SHA1 | 629debc8eec9fd310b217930b5a47f3f8d25f6b6 |
| SHA256 | 289bab5d96f07baa47a0b1e94e7edc6942f3622fa0601aaa05ea8a2194c2abfb |
| SHA512 | 2cdc3bff697b2971280cef84010e3d07dd5bd5a64de4c02d8ff42cf6632f89ced37889564c674df158ee38cff1498dbcf63ca293640988cb2dff5ebb3bc21ece |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ef0f8c66474376d91976f2259db54df |
| SHA1 | e794d77c6ed293295073eac1887904e22664bf65 |
| SHA256 | 9f0f3a6ba58b369ccbac743c65db9f1cd23ec0ab63d2590e1522afcf90d64847 |
| SHA512 | c25023042e6d47fca93797c0ee9f8567e4ce86f6c7f2b1b30c18fd539963dbf20307f862fe6ff22a2c764246339c31273297710b24ba631dc7f0d979d8cfd5ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5200e491dd452029a39fddc3fe3b2f83 |
| SHA1 | a10d21cf7ff56685a6d0d4f3c4ec42c5c5d0e49a |
| SHA256 | d2f549f6c2ae979faf8122a7e86058f6d57c58824c1c85c490b005fb5d126b63 |
| SHA512 | e65c8d35a1d4954d3fdf7982f1edf07d09983d258f1a13abc12afbb159b2fd9996648029dfb05ddae0dd6c96a2afe9421d412d31b0fb07457de39d34b89b526f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 152833e9fef39dba677f0c55eb849c67 |
| SHA1 | d15c0cf39382142b9e6f044ee5e4aad6b0d5b139 |
| SHA256 | b1f6373ea446946803122497f7b17ed07cc20f5ecf0fa8986cb457b4cbcb8873 |
| SHA512 | 23647b6e6eae211a848f490934ecf4f2cfd230be66c05de84af76e7b43bb88dec4c4e9bca6410594ec64f9bff7678f7ea83ad2b797372347d1ea402c41633a7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74c1c6a1c4d5001011904cc0ecac384a |
| SHA1 | 559967863e00384a812b58c4302a5ecdadc972ee |
| SHA256 | f09533f7fe7042a19d61d9a71f5ac7897bd57ea118bd2cdf79ec90a482a5fd2e |
| SHA512 | 5777b1b9147bd471daf584198500f599d07ac585b238869614803537cdc4c95f7228f5480f06b9ca5c7f030254b635bb8df5d0c50329968131e961f8521b15a1 |