Analysis Overview
SHA256
441e3693164b14311776f9522f8691beb431aa5109107f61c1fc08d17d460269
Threat Level: no (potentially) malicious behavior was detected
Sandbox verdict for 910d53f09a9e8e2e7c465d621e1c9457_JaffaCakes118: no (potentially) malicious behavior was detected. The four signatures summarized below fired only in the Windows 7 run (behavioral1, Internet Explorer); the Windows 10 run (behavioral2, Edge) triggered no signatures.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:05
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:05
Reported
2024-06-03 08:08
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910d53f09a9e8e2e7c465d621e1c9457_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5016 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4836 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5884 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5484 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6252 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | usocial.pro | udp |
| US | 8.8.8.8:53 | usocial.pro | udp |
| GB | 104.91.71.139:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | s81.ucoz.net | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| RU | 193.109.246.81:445 | s81.ucoz.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | usocial.pro | udp |
| RU | 185.129.100.122:443 | usocial.pro | tcp |
| US | 8.8.8.8:53 | 139.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | 122.100.129.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s81.ucoz.net | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.21:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 21.173.189.20.in-addr.arpa | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| RU | 88.212.201.204:445 | counter.yadro.ru | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| RU | 185.129.100.122:443 | usocial.pro | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | connect.ok.ru | udp |
| US | 8.8.8.8:53 | connect.ok.ru | udp |
| US | 8.8.8.8:53 | connect.mail.ru | udp |
| US | 8.8.8.8:53 | connect.mail.ru | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| RU | 94.100.180.55:443 | connect.mail.ru | tcp |
| RU | 217.20.155.208:443 | connect.ok.ru | tcp |
| RU | 88.212.202.52:445 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:445 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | 55.180.100.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.155.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vidplah.com | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 103.224.212.214:445 | vidplah.com | tcp |
| US | 8.8.8.8:53 | vidplah.com | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.webvisor.org | udp |
| US | 8.8.8.8:53 | mc.webvisor.org | udp |
| RU | 93.158.134.119:443 | mc.webvisor.org | tcp |
| RU | 93.158.134.119:443 | mc.webvisor.org | tcp |
| US | 8.8.8.8:53 | 119.134.158.93.in-addr.arpa | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| NL | 23.62.61.138:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 138.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jsc.marketgid.com | udp |
| US | 172.67.141.144:445 | jsc.marketgid.com | tcp |
| US | 104.21.46.191:445 | jsc.marketgid.com | tcp |
| US | 8.8.8.8:53 | jsc.marketgid.com | udp |
| US | 104.21.46.191:139 | jsc.marketgid.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| RU | 88.212.201.204:445 | counter.yadro.ru | tcp |
| RU | 88.212.202.52:445 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:445 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| RU | 87.240.132.67:445 | vk.com | tcp |
| RU | 87.240.132.78:445 | vk.com | tcp |
| RU | 87.240.129.133:445 | vk.com | tcp |
| RU | 87.240.137.164:445 | vk.com | tcp |
| RU | 93.186.225.194:445 | vk.com | tcp |
| RU | 87.240.132.72:445 | vk.com | tcp |
| US | 8.8.8.8:53 | vk.com | udp |
| NL | 23.62.61.96:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 96.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:05
Reported
2024-06-03 08:07
Platform
win7-20240221-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563797" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = <value elided> | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d2e8de8cb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{09AC4CC1-2180-11EF-BC3A-56D57A935C49} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000050a968e88b42974f90caee2b3be8929300000000020000000000106600000001000020000000a05b12d863c3b5e08c3c8298e95342d8c1065fab212de69216f16a3ba9ddb8c3000000000e80000000020000200000007a82b444a2b8a94dd441e0579e5739e175d4a6e85f763b0baba675db91d739c4200000008047f392737810085f626dd43175b30bc3615b313ea9bbad263f2c04c152e28f400000007155ba76007cdc22813f5b96a79a5157082d02aa74883e5026877631cc6a90422fb972766d0f08ba12434eb65c92f1d77b4ce0e7c89901f91da2475fdef3c482 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
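Every row in the table above sits under the user's Software\Microsoft\Internet Explorer tree, which is ordinary IE profile state (window placement, tab recovery, search-scope retry counters), not a persistence or hijack location. The helper below is an added example, not part of the report or of any sandbox vendor's tooling: it parses rows in this table layout, rewrites the \REGISTRY\USER prefix to the familiar HKU form, splits key from value, and sorts each write into IE profile state versus a watch-list of keys a browser process should not be touching (Run/RunOnce, Browser Helper Objects, proxy settings, Winlogon shell, IE start page, default search scope). The first six sample rows are copied from the table; the last two are constructed negatives that do not appear in the report, included only so the watch-list branch is exercised.

```python
"""Classify registry writes from a 'Modifies Internet Explorer settings' table.

Added example; not part of the original report. Normalises the hive prefix,
splits key from value and separates IE profile state from watch-listed keys.
"""
import re
from collections import Counter

# First six rows copied from the report's table; the last two are CONSTRUCTED
# negatives (not in the report) so that the watch-list check has something to hit.
SAMPLE_ROWS = r"""
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{09AC4CC1-2180-11EF-BC3A-56D57A935C49} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\updater.exe" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<action>[^|]+?)\s*\|\s*(?P<path>[^|]+?)\s*\|"
    r"\s*(?P<process>[^|]+?)\s*\|\s*(?P<target>[^|]*?)\s*\|$"
)
# Kernel-style hive prefixes as the sandbox logs them -> the regedit-style short form.
HIVES = (("\\REGISTRY\\USER\\", "HKU\\"), ("\\REGISTRY\\MACHINE\\", "HKLM\\"))
# Case-insensitive key-path substrings whose modification by a browser process deserves a look.
WATCHLIST = (
    r"\Software\Microsoft\Windows\CurrentVersion\Run",  # Run and RunOnce
    r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer",
    r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL",
    r"\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
    r"\Software\Microsoft\Internet Explorer\Main\Start Page",
    r"\Software\Microsoft\Internet Explorer\Main\Default_Page_URL",
    r"\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope",
)


def normalise(path):
    """Rewrite a \\REGISTRY\\USER\\... or \\REGISTRY\\MACHINE\\... path to HKU\\... / HKLM\\..."""
    for raw, short in HIVES:
        if path.upper().startswith(raw):
            return short + path[len(raw):]
    return path


def split_key_value(path):
    """'...\\Key\\Name = "v"' -> (key, '"v"'); a bare key path gives value None."""
    key, sep, value = path.partition(" = ")
    return key, (value if sep else None)


def classify(key):
    k = key.lower()
    if any(w.lower() in k for w in WATCHLIST):
        return "watchlist"
    if "\\software\\microsoft\\internet explorer\\" in k:
        return "ie_profile_state"
    return "other"


def parse_rows(text):
    """Parse table rows into dicts; lines that do not fit the four-column layout are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        key, value = split_key_value(normalise(d["path"]))
        rows.append({"action": d["action"], "key": key, "value": value,
                     "process": d["process"], "category": classify(key)})
    return rows


def summarize(rows):
    """Return (category counts, list of (key, value, process) watch-list hits)."""
    counts = Counter(r["category"] for r in rows)
    hits = [(r["key"], r["value"], r["process"]) for r in rows if r["category"] == "watchlist"]
    return counts, hits


if __name__ == "__main__":
    counts, hits = summarize(parse_rows(SAMPLE_ROWS))
    print(dict(counts))
    for key, value, proc in hits:
        print(f"WATCHLIST {key} = {value!r} by {proc}")
```

Run against the report's rows alone, every entry lands in `ie_profile_state` and the hit list is empty, which is the concrete reason the "Modifies Internet Explorer settings" signature does not change the verdict here. The watch-list is a starting point, not a complete persistence catalogue; extend it with the locations your own detections care about.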
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2004 wrote to memory of 2964 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2004 wrote to memory of 2964 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2004 wrote to memory of 2964 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2004 wrote to memory of 2964 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910d53f09a9e8e2e7c465d621e1c9457_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | usocial.pro | udp |
| RU | 185.129.100.122:443 | usocial.pro | tcp |
| RU | 185.129.100.122:443 | usocial.pro | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
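The two Network tables in this report (behavioral2 above and behavioral1 here) are long and mix sandbox background noise (DNS to 8.8.8.8, Microsoft and Bing telemetry, reverse lookups) with the traffic the HTML page itself caused. The behavioral2 table also shows TCP connections on 445 and 139 to vk.com, counter.yadro.ru, s81.ucoz.net, jsc.marketgid.com and vidplah.com; those are SMB/NetBIOS ports, and a browser opening them to ad and social-network hosts is something to confirm in the pcap rather than accept from the summary table. The script below is an added example, not part of the report or of any sandbox vendor's tooling: it parses rows in this table layout, strips a baseline of expected Microsoft/Bing hosts (an assumption; tune it to your own sandbox's clean run), lists the remaining third-party domains, flags every TCP connection not on 80/443 and every UDP packet not on 53, and counts TCP connections per country. The sample rows are copied from the two tables above, with the mDNS row's columns realigned.

```python
"""Summarise a sandbox 'Network' table: third-party hosts, unexpected ports, countries.

Added example; not part of the original report. Paste the full table into
SAMPLE_ROWS (or read it from a file) to run it against the whole detonation.
"""
import re
from collections import Counter

# Rows copied verbatim from the report's Network tables (mDNS row realigned).
SAMPLE_ROWS = r"""
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| RU | 193.109.246.81:445 | s81.ucoz.net | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| RU | 88.212.201.204:445 | counter.yadro.ru | tcp |
| US | 172.67.141.144:445 | jsc.marketgid.com | tcp |
| US | 104.21.46.191:139 | jsc.marketgid.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 87.240.132.67:445 | vk.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| RU | 185.129.100.122:443 | usocial.pro | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<ip>[^|:\s]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>tcp|udp)\s*\|$"
)

WEB_PORTS = {80, 443}
DNS_PORT = 53
# Assumption: hosts a clean Edge/IE detonation contacts on its own. Build this
# from your sandbox's baseline run, not from a guess.
BASELINE_SUFFIXES = (".microsoft.com", ".bing.com", ".azureedge.net",
                     ".s-microsoft.com", ".nelreports.net", ".in-addr.arpa")


def parse_rows(text):
    """Parse table rows into dicts; lines that do not fit the column layout are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def is_baseline(domain):
    """Empty names (multicast, raw IPs) and known sandbox/browser chatter are baseline."""
    return domain == "" or domain.endswith(BASELINE_SUFFIXES)


def unexpected_port(row):
    """True for TCP not on 80/443 and UDP not on 53 (catches 445/139 SMB, 5353 mDNS)."""
    if row["proto"] == "tcp":
        return row["port"] not in WEB_PORTS
    return row["port"] != DNS_PORT


def triage(rows):
    """Return (sorted third-party domains, sorted (ip, port, domain) oddities, TCP count per country)."""
    third_party = sorted({r["domain"] for r in rows if not is_baseline(r["domain"])})
    odd = sorted({(r["ip"], r["port"], r["domain"]) for r in rows if unexpected_port(r)})
    by_country = Counter(r["country"] for r in rows if r["proto"] == "tcp")
    return third_party, odd, by_country


if __name__ == "__main__":
    third_party, odd, by_country = triage(parse_rows(SAMPLE_ROWS))
    print("third-party hosts:", ", ".join(third_party))
    for ip, port, domain in odd:
        print(f"unexpected port: {ip}:{port} ({domain or 'no name'})")
    print("tcp connections by country:", dict(by_country))
```

On the sample rows the third-party list is exactly the Russian social, counter and ad hosts the page embeds, and every flagged destination is a 445/139 or 5353 row; those are the lines to pull from the capture before deciding whether a "no malicious behavior" verdict is the right one for your environment.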
Files
C:\Users\Admin\AppData\Local\Temp\Cab12A8.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar13D8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 766b2de49c066d1272584f7f704ae2dd |
| SHA1 | 870ca73d6b7e0b2c84227a35616f966c3e3b4c5a |
| SHA256 | 2fd2514846ebf81a72588a036e64692cbbc86dacd24f61acde3fedac41496c7b |
| SHA512 | 9bb50e57345913cf2e00f2b7cac076eace9f169512bf78da4a9bef4c328f5792541cb7ceac6a72b0aa3ad7fa9aec6d385e2f03b85dd97c56649956627aeeb8bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9bf509e2a701333dea0b7b6bf61e214b |
| SHA1 | b71e198b5878858e5abe63432951c5eedf91adb2 |
| SHA256 | 88079f16688d32805260398e5ab3944272ed248623a267351bb88bdaa8aed88a |
| SHA512 | 09b61fef4af934ea259a6841c65f2be3bdd72dc65c7bfd816b387d92d2917a620f909194e12faea8b2f68a944c9d20816126c48069d45ac8300818fd7ce20948 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37cd2a3cee2ab2e9920d82597eb1b7c5 |
| SHA1 | 2b64746379146e5041ee6ca5ae59be8e6272fcce |
| SHA256 | bf1fa84c48bc7ee3f3b4a0c378be629760c2bd976fd7b1e9f9c6b5457d301a52 |
| SHA512 | 0ef217402f996deb50aa7635850559059dea57b0e1fdfab65baae8aa69e10843593a032d2448d8b3fda77a5a0299c99cb3e98aaa836ce2067eedfbb966e77441 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09947a1397efb2202e15ca1a63b74118 |
| SHA1 | 164ec145d15681b491c56ea6e41c3d94858645a3 |
| SHA256 | 56ed3e14498ba502eeb54ac7154e2dcb579df4f1df362f2dae4aaca1f10324ad |
| SHA512 | da00a384dbd6168d1c1fec14fe39069b5b5d027e549051809631a29aaf3993a440c47393aeffe8cbcf1b52dd6e019dc4934015d40a5daa5bf59403e626436b41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78ae416901898dfcc20f501f9a54a95f |
| SHA1 | 3f42b96b2309b8744cbe721ed98d7bdce7104a82 |
| SHA256 | 47d7a1e824963c2934f3126b45f1e3c6cb9a82d0ab0187adaee11cb0961d36ec |
| SHA512 | 372947566e72e7c533661acc29d80748fcaef904464b25892543a9c52775a098260cd476b3618cf861010c60e40ba698f57536d509ed0847c3f13d9f75bd45bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 089a1cbf8a05d548414bfaea8ece3106 |
| SHA1 | 83cc5e4f23989abc206efab98c9ec5a2eac8d6d3 |
| SHA256 | 1bd6dd158d262fc75f77a131ab7f3c69c5358db47e68ceb74b493725c6e3687a |
| SHA512 | 7dc49ea1a203e6c74fc0c7dcfce5a79a1cfcc6d8a417d909bf4b5dfe1b5d6c83f124fababc005a88970382ea4caa5ca775dc7dc6d2ec81e98241cbef5fdac43f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75ffe8b9ce10c024798147abd53f6975 |
| SHA1 | fe859c70e2bd8cf9eb9f87e1a078354c7eb19ebb |
| SHA256 | 72490ecf64a0c45cb9747225b9e6d6a70c381255f761ad8d7d06c4f82f0473cf |
| SHA512 | ac9d8c2db02e5c1db62d7beb501dad7c9ca30cf959cd081e5af7d2fb5ac12c8411bdd695f94859fa781176235f8bad4b3df7484fea1a05187e705ad2a6d9fcf4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb22fbe78f95228b2ff7d2148b39a4c5 |
| SHA1 | e1c5667c87e0a7967c6741bd9ee16ec216485116 |
| SHA256 | 12194b559e0bf969b53cebefb34109c9ec07d2412ced4f0d29b6ecf7be5aac27 |
| SHA512 | 7c2271f1ff2ef2fb31396fc8876ef0b0afd467e193eed3596df6008e8396968c72fb60acf2f685a6fb18d52b2fd6f6ec439d09990b9a311557342ae78382afd2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40d0d4d85e2861bab3f7afeab4cde16e |
| SHA1 | 70d869632e427d19ccb07f8dbe1dcf1eaf9bc0ee |
| SHA256 | 084e3d050f7a5b9b55bb6e88890e91559087b3c0790aaad6b8ae6c0a50989edd |
| SHA512 | daaecdf893bc797b0dcbbec1ff6e05a620b5275cdfcb9e4120afbe7ceac487d8732eddf96ede7ec9657e21496222640b7a46d91f474c961246fa2a2214dddb77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffb31e1050e683180552a7f69af089a8 |
| SHA1 | e6a9c81f2bbe8fad9edeb84a428cfae777dfc430 |
| SHA256 | 09b3a9f46d0459c89888d3111eb0014c767bf225e9f3fa7fe69ad5cd7a49efe4 |
| SHA512 | d44d337f72cc4857229c3d92ffaef09d9808d5e05ad0f7accefa51d50793e0f9700a4d974b3319aefbc622c228b9c998d45e76d62fdee020d3a0232953b92869 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb4e68fdec6bb50b31c2529027d2ef78 |
| SHA1 | a0b6ba1673bf84b04983f5ca3f8d4b6d3c3068b0 |
| SHA256 | fe5ed1b45a0d45d4a014753d52f77c58ce26b64b28d925503610d8105a861382 |
| SHA512 | d3238bc482af23d34bc55e2f885b691b62edb1ecaed990c41b0d12132241153875d6d75e75e018d6a7ac2fd073fd2c2ae3aef79e24bfcce7788a6fbcc222df27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5530465da52584c01e94a86c8c4f7999 |
| SHA1 | 68fad3dfc7a43f11a82ef1c6e7acba30431e899e |
| SHA256 | 1d8ff9bd8de19b545f54deb7f8f2e87509b9dcb1a7aee347ad0b8395c8cfb822 |
| SHA512 | c376e638a7a1ea10f1f3a315b046816dd61d0a745c8ae027e15a852abf6954bdf4956692182e077ff74b407bc5b1bd3f9202feb83fd4d5d13615e7fb27c888f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45b3aa7eedb6d8339e63eb9944c9c9af |
| SHA1 | 534408adc08fc08284acca7eaf79347286ddae44 |
| SHA256 | 5c43fd9ebae18bc45b82ef178a80b5ab219aeb706e863491ca6f549cc06b8123 |
| SHA512 | 17d1212168ab55c27e265c471eda0751c9c713651a593c7529f1db1dd2fac61b9c59e508aba0f50168206a85f26b219b58716b6566686bac77fea3a7b8645365 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e044f18d865489cc06b4b071b3ef5f9 |
| SHA1 | 66c33a8b24f8b554e79a179130e368cc7f2e30c7 |
| SHA256 | e71a0e5689c804e126974fc7069c6167b7deb1fff91758deac6df809731b8dbd |
| SHA512 | 76939bc8fe16f6d189ada6883c41388dc8683a83a032ed741db31f59fdf3d2f716601bd6fc1ad67ce61e206eac74683d4f7ca0d3706e8a0a97edce339d1e555d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | b89fd50f1de712d28a651b208ba72591 |
| SHA1 | 0b0944594b0f1dd7145a37c5cd94e9508463de9c |
| SHA256 | 9e77b848e9aafe514c6aa36d2ce866229614387fd88726f765718e64fdd16376 |
| SHA512 | 6933a0447a9f16ee34465519b40ef1f5342d05cc8003c6f5330aca2a7fb5bc96e8ced7ee5a4f6dcb405535d53015995175271a885b138f257583bb9076fee1b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84ff15fbdcf859de671eda1046b9ad18 |
| SHA1 | 4c1a00a889470be37a0b9afa450fdc13fbd4541f |
| SHA256 | 1fa18da0e63b7a420364d3cffb8cab05c2cbb1e40b8af1dcb84ec6eb83a5b6aa |
| SHA512 | bb88e729e25ef0567b53b5977e720d7dc1b16a5346ecdafdb6a22464b1fc5bed47de7e0e4d60e914679ea26525e181196ccaa061fa9a3db057fc7c4c33529bae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 880470dbd84a1df0ee7b7528581dd938 |
| SHA1 | ff94296deae299fc9fd82ad20bc2b8889546ca04 |
| SHA256 | 988c46789ea933c9674c0a64d8e0c3c0fc0069ab71d3d8200f6e88f3a3d0c8bd |
| SHA512 | a75d194719ad57be0c76ad2e371c6e2cbd01375cf287f120d501cd4993a07206955aa958a4f29877cbe3e85b991a88056246f2565995ccf8bad70256dcb5e394 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | a947ec124c343e7e1a1ccf45ccad18e1 |
| SHA1 | 8f97318172e636a01c09dcad33d26eb5d57d5070 |
| SHA256 | 664a70bfdaaafab06317b38947e6b05545548adfa11cc7a514d8877e286dc74b |
| SHA512 | c85d516a925b7c3a1e54064d4e6ec22e2f02d2eb6210eec4f15c77eacfb404b231d81153e7b77939d6c3e0c989a194279610af8e59acab54c4092cb9a0342395 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58bfcc854ecf7228faf827431ae0b3b1 |
| SHA1 | aa75c476ddc6dffac4fddf9c391e54814d2ccbc2 |
| SHA256 | 3af56006382beccc83022053bb69dbe716c30efe105f9f64e83660c5a4315284 |
| SHA512 | b1bc8faab337faa5fedaa6f98888908a1a9789d975b033e0ebc5d4680ede8f6c98ce012ae674e5c7aed94fee5eb0f960115d8e16dd6a2592947401f02f2478d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f9dec00634e944eb208f164113f6b5b |
| SHA1 | 711c8951b809ac12bde0347f19e03b2a84f5cb93 |
| SHA256 | 50bc0a1683054fcaca43a071db4e6437d90783cbbc058e9dc3e40554badeaf47 |
| SHA512 | d88e3526433b57e659d03e8de53645d55390e4761d9a124807097579370225ed2d84077bfc5a487199ed281c625cace977241a2d7487e489ec17781f6c29c451 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 982d72c55930f40e00958d46ed2bbadc |
| SHA1 | 46f812edf8ae910493217ad3084fc567d0bb45ff |
| SHA256 | 9ae27c8bb7166d6c415efc569a0ecba8c7d28637f0670c2a1a7d5cac92c9314c |
| SHA512 | 2f7c4eb42b0e1e49dc4e6df9859ecbfcbb33f3d1edf9354cbcf0ea5a3e985908dc99ac63b2a7f8be7d41c85a06e260ac160308ce1697d38be12b16bbcb8f8ea8 |