Analysis Overview
SHA256
e2182dd6d8758669d22f06554f36f62b8918b6b87dc499391668d9a26e17d340
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a2d991f43b38c338322a8a26be09f591_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 23:07
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 23:07
Reported
2024-06-12 23:09
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d991f43b38c338322a8a26be09f591_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9095c46f8,0x7ff9095c4708,0x7ff9095c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12450758817160477036,8502558809115254588,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12450758817160477036,8502558809115254588,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12450758817160477036,8502558809115254588,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12450758817160477036,8502558809115254588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12450758817160477036,8502558809115254588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12450758817160477036,8502558809115254588,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12450758817160477036,8502558809115254588,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12450758817160477036,8502558809115254588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12450758817160477036,8502558809115254588,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12450758817160477036,8502558809115254588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12450758817160477036,8502558809115254588,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12450758817160477036,8502558809115254588,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1272 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 2.20.12.103:443 | cdn-adef.akamaized.net | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.24.18.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.239.69.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2668_YAVRNENHXVGZBXQQ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 23:07
Reported
2024-06-12 23:09
Platform
win7-20240611-en
Max time kernel
117s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90611b551dbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395501" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7FA1C351-2910-11EF-A8D3-D2DB9F9EC2A6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000faf050008a05bfafd61d642fa4962b4e49842c729cbd8eeb4d34857f8ba0bfa4000000000e8000000002000020000000aa48a726196c522e607f08ccede1656a981eecb4691a6c3e407949433038c09020000000fcca8dee97e6d77f17dcae6e2ed0472b2cf5dbc70dbfb4535b8e7d9d172d578a40000000478ec3fb6b44de7e6abede093aa1f6c2e5f7957279f500fb85dc600423adcdcac623fc8c1e723ac7b63be98864358ca6d586791491d6586d7038d8927c8fb873 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1732 wrote to memory of 2832 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1732 wrote to memory of 2832 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1732 wrote to memory of 2832 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1732 wrote to memory of 2832 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d991f43b38c338322a8a26be09f591_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab6BFD.tmp
C:\Users\Admin\AppData\Local\Temp\Tar6CB0.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015