Malware Analysis Report

2025-04-14 03:31

Sample ID 240612-2ykjpsxgpj
Target a2d22df380be575b4d441fdc4d1fc0c3_JaffaCakes118
SHA256 8bdd34cc2b6515496362a2cfadbef2f2b354540be3a4ea87c9d95859f2cafee9
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

8bdd34cc2b6515496362a2cfadbef2f2b354540be3a4ea87c9d95859f2cafee9

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a2d22df380be575b4d441fdc4d1fc0c3_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary
Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 22:59

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 22:59

Reported

2024-06-12 23:01

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d22df380be575b4d441fdc4d1fc0c3_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d22df380be575b4d441fdc4d1fc0c3_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3708,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4784,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5260,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5420,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5428,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5836,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6324,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=760,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6496 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.famous-people-search.com udp
US 8.8.8.8:53 www.famous-people-search.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.famous-people-search.com udp
US 8.8.8.8:53 www.famous-people-search.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.famous-people-search.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 us.123rf.com udp
US 8.8.8.8:53 us.123rf.com udp
US 8.8.8.8:53 th00.deviantart.net udp
US 8.8.8.8:53 th00.deviantart.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 us.123rf.com udp
US 8.8.8.8:53 us.123rf.com udp
US 8.8.8.8:53 th00.deviantart.net udp
US 8.8.8.8:53 th00.deviantart.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 us.123rf.com udp
US 8.8.8.8:53 th00.deviantart.net udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 keywebtracker.com udp
US 8.8.8.8:53 keywebtracker.com udp
US 8.8.8.8:53 keywebtracker.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 blog.chrisgarvertattoo.com udp
US 8.8.8.8:53 blog.chrisgarvertattoo.com udp
US 8.8.8.8:53 www.wallpapernews.info udp
US 8.8.8.8:53 www.wallpapernews.info udp
US 8.8.8.8:53 www.1000funfacts.com udp
US 8.8.8.8:53 www.1000funfacts.com udp
US 8.8.8.8:53 www.pieway.com udp
US 8.8.8.8:53 www.pieway.com udp
US 8.8.8.8:53 th03.deviantart.net udp
US 8.8.8.8:53 th03.deviantart.net udp
US 8.8.8.8:53 www.rankmytattoos.com udp
US 8.8.8.8:53 www.rankmytattoos.com udp
US 8.8.8.8:53 tattoosdesigns.ws udp
US 8.8.8.8:53 tattoosdesigns.ws udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 keywebtracker.com udp
US 8.8.8.8:53 keywebtracker.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 blog.chrisgarvertattoo.com udp
US 8.8.8.8:53 blog.chrisgarvertattoo.com udp
US 8.8.8.8:53 www.wallpapernews.info udp
US 8.8.8.8:53 www.wallpapernews.info udp
US 8.8.8.8:53 www.1000funfacts.com udp
US 8.8.8.8:53 www.1000funfacts.com udp
US 8.8.8.8:53 www.pieway.com udp
US 8.8.8.8:53 www.pieway.com udp
US 8.8.8.8:53 th03.deviantart.net udp
US 8.8.8.8:53 th03.deviantart.net udp
US 8.8.8.8:53 www.rankmytattoos.com udp
US 8.8.8.8:53 www.rankmytattoos.com udp
US 8.8.8.8:53 tattoosdesigns.ws udp
US 8.8.8.8:53 tattoosdesigns.ws udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 img.ibtimes.com udp
US 8.8.8.8:53 img.ibtimes.com udp
US 8.8.8.8:53 fc06.deviantart.net udp
US 8.8.8.8:53 fc06.deviantart.net udp
US 8.8.8.8:53 freetattoo.gnuxx.com udp
US 8.8.8.8:53 freetattoo.gnuxx.com udp
US 8.8.8.8:53 i01.i.aliimg.com udp
US 8.8.8.8:53 i01.i.aliimg.com udp
US 8.8.8.8:53 choicetattoo.gnuxx.com udp
US 8.8.8.8:53 choicetattoo.gnuxx.com udp
US 8.8.8.8:53 0.tqn.com udp
US 8.8.8.8:53 0.tqn.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 fc07.deviantart.net udp
US 8.8.8.8:53 fc07.deviantart.net udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 img.ibtimes.com udp
US 8.8.8.8:53 img.ibtimes.com udp
US 8.8.8.8:53 fc06.deviantart.net udp
US 8.8.8.8:53 fc06.deviantart.net udp
US 8.8.8.8:53 freetattoo.gnuxx.com udp
US 8.8.8.8:53 freetattoo.gnuxx.com udp
US 8.8.8.8:53 i01.i.aliimg.com udp
US 8.8.8.8:53 i01.i.aliimg.com udp
US 8.8.8.8:53 choicetattoo.gnuxx.com udp
US 8.8.8.8:53 choicetattoo.gnuxx.com udp
US 8.8.8.8:53 0.tqn.com udp
US 8.8.8.8:53 0.tqn.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 fc07.deviantart.net udp
US 8.8.8.8:53 fc07.deviantart.net udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 tattoontattoos.com udp
US 8.8.8.8:53 tattoontattoos.com udp
US 8.8.8.8:53 images2.fanpop.com udp
US 8.8.8.8:53 images2.fanpop.com udp
US 8.8.8.8:53 tattooquotes1.com udp
US 8.8.8.8:53 tattooquotes1.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 tattoontattoos.com udp
US 8.8.8.8:53 tattoontattoos.com udp
US 8.8.8.8:53 images2.fanpop.com udp
US 8.8.8.8:53 images2.fanpop.com udp
US 8.8.8.8:53 tattooquotes1.com udp
US 8.8.8.8:53 tattooquotes1.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 22:59

Reported

2024-06-12 23:01

Platform

win7-20240508-en

Max time kernel

117s

Max time network

117s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d22df380be575b4d441fdc4d1fc0c3_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this copy of the report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000005e277ea64c854000f61ad05af1e53809ebe86317b67a1768880961b57720371b000000000e800000000200002000000078691dc5c1ca813e0cb02cf05bd609f060fc38d01d9bbd2a08914179799ad96f20000000f6a95747733c395ce97a644fb70f4a23d7053727537bd1450b0889c5d4ad985240000000b6d1cb8f42aae98e36859f1f82ea5882ef1aca80f987022e002eabdc9f31c842260ac9528775964ec244adc3f696bcad5b691031fc4c9bd0251dbe2b1a8f0465 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395054" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9000fe651cbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{69891B01-290F-11EF-B8F6-D6B84878A518} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d22df380be575b4d441fdc4d1fc0c3_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 us.123rf.com udp
US 8.8.8.8:53 th00.deviantart.net udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.famous-people-search.com udp
US 8.8.8.8:53 blog.chrisgarvertattoo.com udp
US 8.8.8.8:53 www.1000funfacts.com udp
US 8.8.8.8:53 www.wallpapernews.info udp
US 8.8.8.8:53 www.pieway.com udp
US 8.8.8.8:53 th03.deviantart.net udp
US 8.8.8.8:53 www.rankmytattoos.com udp
US 8.8.8.8:53 tattoosdesigns.ws udp
US 8.8.8.8:53 img.ibtimes.com udp
US 8.8.8.8:53 fc06.deviantart.net udp
US 8.8.8.8:53 freetattoo.gnuxx.com udp
US 8.8.8.8:53 i01.i.aliimg.com udp
US 8.8.8.8:53 choicetattoo.gnuxx.com udp
US 8.8.8.8:53 0.tqn.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 fc07.deviantart.net udp
US 8.8.8.8:53 images2.fanpop.com udp
US 8.8.8.8:53 tattoontattoos.com udp
US 8.8.8.8:53 tattooquotes1.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 tattoosdesigns.ws udp
US 8.8.8.8:53 fc06.deviantart.net udp
US 8.8.8.8:53 fc07.deviantart.net udp
US 8.8.8.8:53 choicetattoo.gnuxx.com udp
US 8.8.8.8:53 i01.i.aliimg.com udp
US 8.8.8.8:53 freetattoo.gnuxx.com udp
US 8.8.8.8:53 th03.deviantart.net udp
US 8.8.8.8:53 blog.chrisgarvertattoo.com udp
US 8.8.8.8:53 www.wallpapernews.info udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.rankmytattoos.com udp
US 8.8.8.8:53 www.1000funfacts.com udp
US 8.8.8.8:53 www.famous-people-search.com udp
US 8.8.8.8:53 th00.deviantart.net udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 images2.fanpop.com udp
US 8.8.8.8:53 tattooquotes1.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 tattoontattoos.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 us.123rf.com udp
US 8.8.8.8:53 img.ibtimes.com udp
US 8.8.8.8:53 www.pieway.com udp
US 8.8.8.8:53 0.tqn.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 keywebtracker.com udp
US 8.8.8.8:53 keywebtracker.com udp

Files

N/A