Analysis Overview
SHA256
daaec3127e1683e8aed2f261e3386c552e7e2bf56a04aa97e6fd0f2d73b09b9b
Threat Level: No (potentially) malicious behavior was detected
The file 8ced18c4ce5f2e759972b5d5e0f36ab4_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 04:46
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 04:46
Reported
2024-06-02 04:49
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ced18c4ce5f2e759972b5d5e0f36ab4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc19cc46f8,0x7ffc19cc4708,0x7ffc19cc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9166794260952038979,1177839017898892325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,9166794260952038979,1177839017898892325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,9166794260952038979,1177839017898892325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9166794260952038979,1177839017898892325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9166794260952038979,1177839017898892325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9166794260952038979,1177839017898892325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9166794260952038979,1177839017898892325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9166794260952038979,1177839017898892325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9166794260952038979,1177839017898892325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9166794260952038979,1177839017898892325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9166794260952038979,1177839017898892325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9166794260952038979,1177839017898892325,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3136 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_624_KUDTTXZVWQEUMDBJ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 04:46
Reported
2024-06-02 04:49
Platform
win7-20240508-en
Max time kernel
141s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000055ecd65de739e0ed49d3a79f924b0531d25b5616d71dc43e3f5fa080b963f991000000000e80000000020000200000005d58ce7b61204c79157dbf2425db3326f5338e363474becd2412f58f9fca67bb20000000bd91f6293e31c0dea075ddd956c012aaec987c9e27f5ea9ce0dae29585deaff540000000147692fb729ea32969202c38c60c706435b65576aeb1f029379dc173fc6b8b986bdb496179ebfb64abc36f34a6ba90aa1a58441f2d3384fb092066d7d7440415 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1864BE91-209B-11EF-B04F-52AF0AAB4D51} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0f534eda7b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423465467" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1896 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1896 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1896 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1896 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ced18c4ce5f2e759972b5d5e0f36ab4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\px[2].js
C:\Users\Admin\AppData\Local\Temp\Cab35E0.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar3666.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015