Analysis Overview
SHA256: a07b55b4e7913a212a38cb544a3975e34a1e0cd493b97fc06f593db487654cfc
Threat Level: No (potentially) malicious behavior was detected
For the file a11ab80d3c978cdad82497b43d0ae1f2_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-12 15:10
Signatures
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-12 15:10
Reported: 2024-06-12 15:13
Platform: win10v2004-20240611-en
Max time kernel: 128s
Max time network: 138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11ab80d3c978cdad82497b43d0ae1f2_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1424,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=3592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3824,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=4448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5184,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5368,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=4140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5340,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5932,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6164,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5676,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5840,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:8
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-12 15:10
Reported: 2024-06-12 15:13
Platform: win7-20240611-en
Max time kernel: 141s
Max time network: 141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424366897" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 405af2bddabcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000a17e348f6c0c5171d4ecc0fc44093086cb4f7cdf780ffa55f8d72edc603317a6000000000e80000000020000200000009b4baf8e064d29362598b8cf606119023e4d18d2f9b2e68720b2229fbccb2be3200000003b3164e0024c82bd50c595926ed07279f7897db5ccbea7d81fec9670e2c66b884000000061a2f6290d8f30ceccb9a001c0d3a21d7667bbf24aaf5a9b5a1d8e74c6b28b02557687b12b4eff5ccea1e748ee633ab5f103cb608d5b5f6489791dde42ebfca1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E856CC81-28CD-11EF-A490-4A2B752F9250} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2108 wrote to memory of 1720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 1720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 1720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 1720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11ab80d3c978cdad82497b43d0ae1f2_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
Network
Files