Analysis Overview
SHA256
615502c5c1b510bf1b5c67fcc2bb2089fa1daa999816fbf1247150cc320b832d
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file 9109dc310d7344e22fa9b9f9955321f9_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:01
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:01
Reported
2024-06-03 08:04
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9109dc310d7344e22fa9b9f9955321f9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83e1046f8,0x7ff83e104708,0x7ff83e104718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4799668789828142987,10127774354320395260,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4799668789828142987,10127774354320395260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4799668789828142987,10127774354320395260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4799668789828142987,10127774354320395260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4799668789828142987,10127774354320395260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4799668789828142987,10127774354320395260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4799668789828142987,10127774354320395260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4799668789828142987,10127774354320395260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4799668789828142987,10127774354320395260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4799668789828142987,10127774354320395260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4799668789828142987,10127774354320395260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4799668789828142987,10127774354320395260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4799668789828142987,10127774354320395260,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ww2.xn--30986-udb.biz | udp |
| US | 99.198.108.197:443 | ww2.xn--30986-udb.biz | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.108.198.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app.monetizer.com | udp |
| US | 173.236.118.98:443 | app.monetizer.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 98.118.236.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA1 | 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
| SHA512 | 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54 |
\??\pipe\LOCAL\crashpad_3696_QOSPGDHTWBJCFPKZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA1 | 2ccdd9d9dc637db5462fe8119c0df261146c363c |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
| SHA512 | 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6f44db6748725eace1faf6206d05c41c |
| SHA1 | 9de06e9a90152c79ef7364ba3609464ab2705fb1 |
| SHA256 | 5d6722a8a0d02525fae06c86f67eabaad2fbce6fd80a0a7067fb64e2e27abd51 |
| SHA512 | 4789b120d184258688800fc58378e5084d032481c6952e0ddd92e2bf41a4beae9ddb999af28a5e5eee869ae154e759d00d54681e46b19f7b7a995aab0dc1a002 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 269b60a33b6d7d7e012f611691810b0c |
| SHA1 | 0a440fb47ad735a98653392e0db823bdfedeac8f |
| SHA256 | d8cbcef1508691c86f15b867763f62f03155aeede275865686ebcf243e24c2e8 |
| SHA512 | 0a63198708476eb425ccd7a4857b45aeba22360df2da0ebdd1bb57c499fe81aebf727007db4db223c75d92dc730df71b16ef369e655a8da10e7d4a0912021a23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d50cdc2561292792270b42a10359b0c1 |
| SHA1 | 7a1e404d1f488e819cd21b76b5c16a392112f3f7 |
| SHA256 | 8cb9221584c1d5a1db8fb5eebe4f098062aa8a2ad5e0a257cb39276882b7057f |
| SHA512 | d0514c6d2cd40e9e5e8f573133d3e7e85274540546cb83f5b5d0955e8ed3439aa3b327eeefd816a9a565b6faa3dad35a1ff23de6f159cf01c7a101aebc72f822 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8707b288e0d83a1a570d9b6f3e57ddf3 |
| SHA1 | 6d42147bfe3c9237dc4678ff5b858617493e520f |
| SHA256 | 1605fa9595a058fef61f65108b00bf07b8d80107e4d8d7105933972fe1951fe7 |
| SHA512 | aca7395144e41d082aa35422d97a037fa05850945cfa276df74fec09b030f6ff127f91df142e7ead1dcf9cbb8e0829ca3c66b644c88aa6af3309b3e427f3e884 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:01
Reported
2024-06-03 08:03
Platform
win7-20240508-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000f7f0023c5083d6667f30f38737fa1f25879bf0b1211451dce4955bc2d714ef2a000000000e80000000020000200000000a2fa251912ab7a6aacb0115771adad01fc960783527bdc50833e944134d79d620000000de53935aefba7a90799ffd429c83f752fbe68dd7c585b09a278e585361b1076940000000fb94d915a4383c387d5a8dc2cfc7eed14e55bac98ad30adbbe56c7776c71d0ff1e3cc5aa9d9fe4a95093c96c3d280036dc883111539324bca180e69cff759c75 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563552" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{79690681-217F-11EF-B2FB-7678A7DAE141} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0ceb04e8cb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1376 wrote to memory of 1276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1376 wrote to memory of 1276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1376 wrote to memory of 1276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1376 wrote to memory of 1276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9109dc310d7344e22fa9b9f9955321f9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1376 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ww2.xn--30986-udb.biz | udp |
| US | 99.198.108.197:443 | ww2.xn--30986-udb.biz | tcp |
| US | 99.198.108.197:443 | ww2.xn--30986-udb.biz | tcp |
| US | 8.8.8.8:53 | app.monetizer.com | udp |
| US | 173.236.118.98:443 | app.monetizer.com | tcp |
| US | 173.236.118.98:443 | app.monetizer.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 372c5db33d88d8048c9cdb03ac8e0122 |
| SHA1 | f9ab43a4b42ccd94dfb9f976e64dd17fe99cbdb9 |
| SHA256 | 4725dc76a72cc7ed905f3bb39b61fd0f59ed0ed1f9e33261bf6aa92f581bd3f7 |
| SHA512 | 7d8d09541c50a90ba482fac8c0cb09a1ba43e35b5754cea26c03c9dcbbb79a6eb39773f3d98c08b464ded50bac3cd9b4116e21dc23559d6c1110e248c36031f1 |
C:\Users\Admin\AppData\Local\Temp\Tar3F25.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\Local\Temp\Cab3F23.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3FC8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6042b3462029e8edf6944fff05fbdbf1 |
| SHA1 | df580f98512a8d4ce031ace43298dd400e943365 |
| SHA256 | d1f9b7c3dd3a89393580abdbbe0aeae44abc2b5876c62f3d64e2862d7a78d361 |
| SHA512 | 30a86a3e65e6b34defb0ec28cf6f638ccbf525756d5a7bb5eef7f591acbfae0aecbbf2119b78a848917cf82b68b8467c63017e042ffbf5ffb1a904b76e7937ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 999d931d2089a2e49108ecb2e732c6af |
| SHA1 | 9519afd28b7c745e4f1360fb3707b7ffaf2cc29e |
| SHA256 | a3792e3d264f6c894925a8f54943254bc0e9af243743c03fcaa169f1a0b501e1 |
| SHA512 | ec07c61c6f97c8ee7c519dca37cde446b8fa2bd1de674d186a6d73c09fcf3ee65535c1827c4c06c5b566fe420098e9b03284a71d179154b9679ce84e782f5868 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66eeffb3e6fb56ef969161a0ce8127b5 |
| SHA1 | d9582f24f876dbe5bbebe08e99d7afdc69f62228 |
| SHA256 | 70ed93c74672090729c96270424636688b2021698d4d794f90727cdbea46d5c5 |
| SHA512 | ad436f8e6967bac253d10e4dfa96a25344b2d4e1db846245bb15f964f2843ddcba4881925077ff71fced4399089345d4f02e5accd8e9dd058fc0ca6c529e5257 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97da35c1ac78f8264c39f5de1ec53140 |
| SHA1 | afbce044786b518e8a57c9d4610c7cd5f4ef60f5 |
| SHA256 | 56dd0f4ba155212d653d330382a9413dba0390224130f653e9095bb52a4869eb |
| SHA512 | 4a658f98bbbe723719128cfab4df254186ce8a11f7bb3a6fa1e3fd8be57ed4f8fe04cb18e43d4dbfc25fa4d017c18755615312fd9af127b985a69bef7515409b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c8f611f47973a5839bdd74f77fcc7c7 |
| SHA1 | 22dae557a2a29aef1182e7226ae1b4e60937c3a8 |
| SHA256 | 369d964918dcfe675918e014d4774ef1ca8c9f0530037993449e73f0648279fc |
| SHA512 | 07c4d95392c923d446db629af7ea1e829760bfe3e04a0f781d2f8119e6f39ca85b2c523a8f06cf9af1001dc458285a3d90f4d27f92a090b438942a5d08df6bbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18a3e1897a86ab40a62646170fe9c9da |
| SHA1 | a3776f33b2dcd818b3f146df83b0e1183cb43cb5 |
| SHA256 | 6ddbf388c7aa6b8b9b9495dd7226e8f6b684898e66e8c7f31131f856f9e32d21 |
| SHA512 | 81368594db28c2ecd9986a81794e3c17582522fdbb9b8d973223e95c49a8a532c3db28dcc8749160fd7131c689a2158592b12bffb61fa5c0637f26e7c957fb3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2070dcecf65e7bb0633ef345b74cdc4a |
| SHA1 | b00953a38236faee5b86298530fcc0af0aa74b13 |
| SHA256 | 50bba91c0f14258113b0e7d89204dd018072234334024782af5b6f1adc4cfc16 |
| SHA512 | a3f675470977d0173e1a533ff9bd7b7da178902f97f9b1d8f2bfd17b27cf5b1be63ed71fa3877b04d8c1e7f9cb01e7f450ca58aa29e53821516cf6fccb1297bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6aa903d82f41446e4fcb5f9584dd9be0 |
| SHA1 | 0380872e8ccdd07e2d217a34ba75ede39dd4b7f2 |
| SHA256 | fe9d968c978a56f1476ebc76d0b38781eea8b136ea03f5aba0f0b8e25ea2cda6 |
| SHA512 | d9fc5f78d8d0c029529eb8c7a0ce301e9450d2b9c13d915bcef0653c44404278b6ec636d1254c70e90fb7635c5bf4e00afd2128238a274455065812f7bbe1a59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c62c3901489c67f5450875aa7a702a6 |
| SHA1 | 1d764b64c87211528f505093b35efa7959cc3abd |
| SHA256 | 938eba8f4bc8f673e205ed7bdc2c3351df3a55cc70389ad6eb44c1cbd85ba718 |
| SHA512 | 69edd6249a98ed07e2082647a1b8a8eb7fe6a883b945960b9e0f23060df2f0f7ed6b5823f142cb45102405632caf718022916e95054c5741b5433baf459736da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1662b8dd5a79d1fcc992091ef1c17a4 |
| SHA1 | a2f2fc236a58b6b912ada54c7ded18a07366d98a |
| SHA256 | 5325c0b3ef8ca8a660084dfa89883024983869cb1be912fc6744e4e21f7e7c44 |
| SHA512 | 4521dc925635b5e1bf7dc8326237bb8f03997245f9bd576d02b65bd7a9e35f90fb278ab48496f13dcbbd74b8a75da996aedca6e776672f1243b330eabd053f41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ec216e57195a107abb7a4b1df6438d4 |
| SHA1 | 70591e446125723f4242111a6b382291e9857317 |
| SHA256 | f237b9cb1228c6e2a76c53656819401d004cae074a5d5043592a5d57cb174120 |
| SHA512 | 89bdcfdc4b7a35035046c9af58542bd52be5d6303f3b8118efa89cf6a8e75e92b19853f08c0436adff83f2b65a1807dbb1522ef4323f90d1b5feb77772ccae64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b50265d9ab3ac63eb45508483cca2238 |
| SHA1 | 5478c0d53c01e4e14011e05dae2654ff63ac4834 |
| SHA256 | d71d8a1e5496209f7061fdded11b85c2dbf4823b4c4d2ba98afe443946549be2 |
| SHA512 | d54bec4cafdd3cd60d9559cf806518ef8fbf082962678f2c04f12df3091f1903d615f974b3f930cc960344edffe7b88e381202f5931170bcf520aecb10d0c1d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e6ff726e4347d77ec4376c95ed2fc8c |
| SHA1 | 0ab0d37ae9c5dc7c1b96f3c7875cd0e107838a7e |
| SHA256 | 1b21a3cb64b11c8df18df42f845813a37e122b32850307a4c02af91794273c3d |
| SHA512 | acd81c3a71bf9d944f0a59baa0ddaaf32bc43ca6cd76f0be5e761913662f1b03b0432f98787196408bd5015c6f067295bbe0f944d1f4d8e04668626b80951709 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 580c873e4ea47e9fc6863a1ac591fd47 |
| SHA1 | 042d93af0513901c64347999311e250a47aa517e |
| SHA256 | 93b96af7a76f92e24ec6e33bd17b5b82cd0008a03b790d48f736bc42e9391848 |
| SHA512 | d7f10eb791505e59b20acc63877838e03350168ce30955a1c04d179d1699b469356ef686fba22dda1bf843b317603ea42e254f5677843fb00211e8d9e2377105 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 188d35ee259062e18d3761f24b5b6a6c |
| SHA1 | dc90d4ef27c7539f3d3b1fd2e8476318da069c48 |
| SHA256 | 15d9f4333d2817ccb12e131beb5b0356aca33faa0d19d0fd35bf3a2740cf7515 |
| SHA512 | d443d42303d024f5e4ced55873c432123651d52fcd81612250de0f01f7ea51e7b221966e9e2d03612c55d9e07f6fa2f0a445cd46cd7c6734db75469ff246ac0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe7929c0102a622cf7fcc40dff4a9250 |
| SHA1 | 9a3e044b597cc8006f5685e3b8c1129e7f64ff67 |
| SHA256 | 8870e9cc0514822e68dbc7ae9b1d7d789b2b8fa91fb4267d7c265211cfe04bcb |
| SHA512 | 4a76d9cceeb4261f8a2737b7823ecb6325a88b1907e2441ebe9756759e68025765d45db00d097450bc1bc432261d2a7f9e9f58dc79b5affd698fef84b69d5f4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70d08e902f6704078eb7561f28842f05 |
| SHA1 | 903f731192a4d210a6499ac67e88a7dbcbb65a48 |
| SHA256 | 7c7408a35212ff7572eb29208b12cd142d1e1e74d2b8323b1d105fcc1d364174 |
| SHA512 | 38c6de998313ab6b7a9567fc7ffc0e6d6a59db6622dbb325ebf7c5ff7faed711bf5ddd5c65e9a6f7adb47b1013f332f19e52e2c257b7baa0dcb7579530f05328 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02e41613700c3622037baecf4c3c47e3 |
| SHA1 | 036f586d1b095e81b77764cd418c15c605a9362b |
| SHA256 | c02be20f4e506dc1a6e57f056a99edc1c8775eb1b279e985c6588e2a82e990df |
| SHA512 | 1f16c79e826aa31e354f1d131e3d29ce4e80234c7f492e919bbae6c7d1285b38338fd254050e2279d2d364ae8afd7bac279a9226fdc928d0609363cc047de372 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8535ce9e58428b01072578a4425d8d8 |
| SHA1 | 4af69d8c6c981935ac9042888364782562e966cb |
| SHA256 | b1edbccca20a66857462f8056d53f4ace6f4856a865ac93051cbe8e396a5fef9 |
| SHA512 | 80e8b92f4f669c186e58310a3ed37de4ef46ccd899989fcdeab62ecb1f4aeca1107ef6478122fda59c958910e3e946d70dc87ade4e55a24cd8b67387eb7a26da |