Malware Analysis Report

2025-04-14 04:37

Sample ID 240612-vqw47swfrm
Target a174050d5cc6c4121968fbd46b7ce168_JaffaCakes118
SHA256 4a98053dbc8b891462d2331a617faec51969e50ac7f3c3bcb91a3fb450e00373
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

4a98053dbc8b891462d2331a617faec51969e50ac7f3c3bcb91a3fb450e00373

Threat Level: No (potentially) malicious behavior was detected

The file a174050d5cc6c4121968fbd46b7ce168_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 17:12

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 17:12

Reported

2024-06-12 17:14

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a174050d5cc6c4121968fbd46b7ce168_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3140 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 2432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 2432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3140 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a174050d5cc6c4121968fbd46b7ce168_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbdf746f8,0x7fffbdf74708,0x7fffbdf74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5884 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 www.sharifpost.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 151.101.2.137:80 code.jquery.com tcp
US 151.101.2.137:80 code.jquery.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
GB 142.250.187.234:80 ajax.googleapis.com tcp
GB 172.217.169.2:445 pagead2.googlesyndication.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 137.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 246.139.127.13.in-addr.arpa udp
GB 142.250.187.226:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.107.114:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
US 8.8.8.8:53 114.107.17.2.in-addr.arpa udp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
US 8.8.8.8:53 static.addtoany.com udp
US 104.22.71.197:443 static.addtoany.com tcp
US 8.8.8.8:53 apps.identrust.com udp
BE 2.17.107.226:80 apps.identrust.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
US 8.8.8.8:53 197.71.22.104.in-addr.arpa udp
US 8.8.8.8:53 226.107.17.2.in-addr.arpa udp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
N/A 224.0.0.251:5353 udp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
US 104.22.71.197:443 static.addtoany.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
US 216.239.36.178:80 www.google-analytics.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
US 8.8.8.8:53 178.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 32.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 224.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c39b3aa574c0c938c80eb263bb450311
SHA1 f4d11275b63f4f906be7a55ec6ca050c62c18c88
SHA256 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
SHA512 eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

\??\pipe\LOCAL\crashpad_3140_VBGZSDIYGTQALAOW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dabfafd78687947a9de64dd5b776d25f
SHA1 16084c74980dbad713f9d332091985808b436dea
SHA256 c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
SHA512 dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b431f1b1369b702e792909994742a286
SHA1 7b81e1f307d334936c12647353ae7b49d9959e25
SHA256 ea50e511c4868586d4b4efcf58749e725c667714a795143f34caaff25797e8f1
SHA512 e656e2e3f40c79c31ff95012ef0a66d24d75afd98fa2032b3124d1095c6b778440f050134fba61ad8fc0465fa02a591107fb99062b4f51a4a821bcc355842f8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b305182ecee45b9eb2ce7cd8b9e6f7b8
SHA1 2873e3cf00cb6388ace7ee171e158dfbc80b9de2
SHA256 70f7072cffa0bfb036b853761584c7d00fd48c9aafc5f5ebe8c9456f104f5fe5
SHA512 170c340e4917dea5dfcaaa875200014327f540ce055cfae352b76ad014cb9fbdae8c22995a476094a37effe176e5102acc8763d3615be92b3bf7137f330179e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 12fb049fe2807787e4bf53dff4d90828
SHA1 0b08e01aee6bf3cf8f42f1e016a1bd12fd88df8e
SHA256 3ab239080d872d67241bbc76a55ccaf5e46b1ada786a9f1395a1139937f16101
SHA512 04fa71baac1c0d225b49c39f87dc32a7ed23ed85ef7b1cc611d271d9655a330a0c4438d4ffaff01a4108aff76c6a184ee9f194d9823d9cd3b22e087f2167f945

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7d4b3ca441194fc9a5d699be272d127d
SHA1 b2e011b177fe2121014653111a8598e2467fcae3
SHA256 1f26df95d0c540d3a658efd6147176e3cc0fe556841c9a7df3164bdcb96a2fcf
SHA512 8fa5656c9249d78633819fa8ae49860dca6222b6edb9950cc3e245baa5266c527777e3ff129b8185ba89607b2a44b37993c8340da934af73e8e769d5ac01d992

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b565.TMP

MD5 067355abd37b5bba9198714c1207b56a
SHA1 f952e1614052e76ddd55751f062e299180556259
SHA256 08e421513e03c84ff75826a7848d92a747b50a0e7e9ac42d828d69db01f6d57e
SHA512 40399e7259e0ec17a293e6d8be7663c7ee5193527d551b30887d4cb87441a99cf87fc9b97bafe944077558f154c90699f3c8fd068b2926cc957162a77bd9c613

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4163e463b10dffd42cd67121339ab71d
SHA1 130b9040f18cb1dfbfbece7c2648e7fdf44ff5f5
SHA256 94be9599d69363c0afe12f37c077e3856bc7b9148c6578f2253c4ca65b5fa6d7
SHA512 b3b267fee467836c7042244df65f54ee46051aa98d9baafb18200cf729f5497dc84acf16112f207ffbc2897076c941283942daeb5afa855a34654fd1dd8f91b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 657d80e778b39d653587f8847338262f
SHA1 99a4134362b9df2fa03c4e8fb3733518b6846a4f
SHA256 629624e44c2552d545840929a840c367d729df1d532db9e340d39a0c51d5799e
SHA512 ef63b729f03684d28865ee445b07279bcf39d542b0729c646fe5876ca45158f80e6b969ad5ff21a6c98bb449589a2aba03c1a811241afbed4d8318561ac7656a

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 17:12

Reported

2024-06-12 17:14

Platform

win7-20240611-en

Max time kernel

118s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a174050d5cc6c4121968fbd46b7ce168_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000084ea3a37ddef794040c5c7d9dfdad3c818e0befaec5d3f650cd156906d5a95b5000000000e8000000002000020000000a9cecc64dfd307cce8ac0e30bec17b47eb8d103980fff63ff8779c129c44e78290000000b554e332d95b522038ffbc398f7c5b0c139564d6e4d7dc22b60407d5cf1780efc6c898fa8e5e9abfd443ec069e04377406ffe46b69fcce6e0f129fbd21552fe20b0c68551899e670da14d2959a60fd46a94e9b9dc9dc5e8ec5222dde520e28fc25a51cce7170bade358e0d880a9f40db0b185fd79c82c6caf4d95818fc46489f8d72b17fc30466a17123727f85d3588d400000005a46219bc2931d396643a4654ced7b483b316883e0cf87bbf0a9319c250174873de7a35790dbf65b94d8c3f553c7796e4f71cf3fe7dc8056b9fd24e1fea16674 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20f0c1c1ebbcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E93BCD61-28DE-11EF-9B2D-424EC277AA72} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424374200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000008554d8411784786444180a9a03f3c03b0e6d88e3ae0bd616848808e8564b32ca000000000e800000000200002000000029bb8faaa0c99e1402fec8662bb22f623a4690f7fad563e60029f662c46d814520000000a046e8d9840d904ec07783b641078d33f8e10a758ddf7cf6fd49b437e5e3cc95400000006cd0c0ffc319582c1c69b17369fb3802263550e65a16ab4fe9043afbc41ca36089332cc1b542498c81f9f535e258253c50fa9157fd3e2852b319050b198daab1 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a174050d5cc6c4121968fbd46b7ce168_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.sharifpost.com udp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 151.101.130.137:80 code.jquery.com tcp
US 151.101.130.137:80 code.jquery.com tcp
GB 216.58.204.74:80 ajax.googleapis.com tcp
GB 216.58.204.74:80 ajax.googleapis.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
US 8.8.8.8:53 static.addtoany.com udp
US 104.22.71.197:443 static.addtoany.com tcp
US 104.22.71.197:443 static.addtoany.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
IN 13.127.139.246:80 www.sharifpost.com tcp
BE 2.17.107.235:80 apps.identrust.com tcp
BE 2.17.107.235:80 apps.identrust.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
IN 13.127.139.246:80 www.sharifpost.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 x2.c.lencr.org udp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
BE 104.90.25.32:80 x2.c.lencr.org tcp
BE 104.90.25.32:80 x2.c.lencr.org tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
IN 13.127.139.246:443 www.sharifpost.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2EEF.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2F11.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2af940fe3b84f8674f99ce54eaba2c3
SHA1 a263ed5758219944a86111394ed62ffe995764c5
SHA256 cea83d39bf6426304c3fae48e128cb993b4a6be28de5895866d71954b215f8e0
SHA512 57eb4dc3d9cc4663d502c3f0224e631bfacd01d9beac821f484fbc9d8a64e565a86066bf78bc5faa0e89857d3e32f96cc733fb9e9452e8c9fe07ff132315aad2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e1646f1bf08a24cd8300c05421f6052
SHA1 99dcc0f0df045f229bafd4232b6c1c14afb14c80
SHA256 f2260f53b5198bcfd10466346ddba5be6474debdb5db13041dcee7776d83f895
SHA512 9156e37473ebcbaa4a4a489128d7605d1d9ed01af5d776ff414ec75be8fe419e1494c0aef5e385d47ba8272f8cf3a8b329cba0a9f170b85a742f80e35e5a061a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88bd860fd1572976e742e9609479ab26
SHA1 7f1a25a9f66a6a309c462e26888518eb7383c450
SHA256 d25354f1cee5ab0329a4e4134ecf5b0139d42737f3ab386e3ed00eb9d497142e
SHA512 bad2f587f0480e92d145986554e7fbf0c153eba37d0954c6540a76612abba2a185c4493b91fa558ac3a8f615f1cd9654852703ecd6ffdabb0e33083ae16a3e9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb81dfa6b0581e84d50e83ace0633a6f
SHA1 81dc3a359a18b8dfe97702b7677dc21e2e75d12e
SHA256 64ad92d72c4d9e7a881bd7fcd28995ccb43116cf4b8b08104cf066d1687e80ef
SHA512 9448b1e05942d5040e50ebf03a7e711e1f52b5d4dd81d62389f9a95734d7cda57954787cfeca3263c9948287256cd599ce4fee40becdc5cf645898de7aa9df74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e005582596d98d4c465cb226a35ea0bd
SHA1 b43efc3988f0c11caf7f0be6e191bae854f1095e
SHA256 33d9b4aa7572dd8374b8c450375a645e5a1e002c0a7b43df4007791b20bdb2ec
SHA512 51bf13fda638dd6298a2f409641ecf47d77fbd45af50cab8d8498fddfeaf61c3f31b5d7b884b0a062650418d0ef195c5251142c48fbd110c957a7c9c9bd0041e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 26469788e2c01cb80e32f42474e1afe8
SHA1 939a2c0f082ee7cd21935bc23d4c8cae69a25da4
SHA256 9418f40432aebeb877d6be760f2c83a445dc0fe315c46aae9da0787aee93b604
SHA512 089ff921a949add8f21559dbf7e12f65f2d46a4f8d6d70399724128acafd7ede1ad9895674c0e87072dbddfd7aa32d709c5c3da89545f657394b61662c68c768

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be8f09d5ec4fc3b7be7deeb1c87a4cab
SHA1 c06d53af2519d51ece9c802bb817afa1ea7afc0a
SHA256 89945a8f974dfac1c97e430a67d0cba7b085a351159f429b4361a0eba19633f0
SHA512 6cf1c7fc9b15a98996cc1e8d177f0f21019bdb37884039f729bb59b8dccb9b1e5a0c3f040c6a235bc7e835ff317bebc01868663ed2a1bbc836aadf459f8a6f64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9cc200c7bb28600ddbad7e6599c6860
SHA1 b7f04db5db2d889e8737564542c89cd570ccf415
SHA256 021d0188332873b2785df39c3db3deb787ff406eedc7e82eb6e643c28075e5c0
SHA512 6c89cad6c06ddd7230ea131d85a42a561cf87863d26a8495b28b77877251ee2052830fe7bb7dcf913fbec2d8892ea60e8f991fca13aa498ff6d3cfaaf0097599

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec53b4e2e4cab349d4c08532ec45e995
SHA1 e03a1fc2da3da95c0396b662f9bf9b2ca43eb346
SHA256 3a47ae20d703430ab7fcfbfdc051be95ea5ae741d3a69bb72b8ded0c15dcf3c8
SHA512 7068f6caedb8295f26c53e696d24b7b57db293a72c3f6a0af08ec25af6db63700ab8e1ea36501877804e25bc03f2b50f81a1a438a3052a948e200de01e7e145e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04b9452d7e9228cfd7e3d3212e6f84cf
SHA1 4c47df85d2a20f0399fd3d74fb9268e6d44354de
SHA256 656820d18f42d13e9a20f3ff5da1f489f5c12ea72acd2eb4011a099618e8cdfe
SHA512 e499021903491cd51eef5c696dfbd45c4ab02c649017a15d4712bec34cb96894937ed2ee4accf71f2c4a3d2843255112098085becff3b72be8344b2be86c706d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd5d793b029f6e21a2b4cada4ec03187
SHA1 a4acf6c7414a0b0ebf57b1c6099d875bb9e25459
SHA256 ff2cf17a01197d48b13553b2c6067d80325bb2633062a5e23b4acd2d2cde470d
SHA512 92364602da4bf4c53ea9b73e09ab056bd24c48fb8177112c632d4a2dd7d2769d3f0204e9123abc47c40f6de273c2fbec1d72121a01cb1a154aee43b81e10b5f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df0e654c9ecee3216f9638986f29d4ff
SHA1 75f450d6e996ae5ff765c4afdd0530aaab439ab6
SHA256 ab2cd766dddbb008e3efddf114272d1ab044c46464317213275e9b8b29c468ad
SHA512 67d6fc2082f4c89abb65064c18873ad8b3016e70d7932246fd12ab6d2116782639b2c9c7c165e3aaba50f693273896d1d59e63f7ddda32923fccc9a2bd004aba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2cfc62d487b0001b62761c67a1234b4d
SHA1 c78fe3ba8eb776a1984a84e22cb856d2ea72ad9d
SHA256 820e07b14a89e6a1c8bbdcbb18d6cbaf2251258dd7e9aad9d7b334675c885614
SHA512 e72e56b3289c051f307ad72ca16cafcc9ea0401372c9dc2b574d7f460d85aebec22b7e3af8afa72ff5b340e30af0d1e29c68b96ad81294596b7b59b5cc0b343c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09326ec4243a1fc915988666fa6835d4
SHA1 dec1ac22ebce4e7225636485d64a3b209f9d7373
SHA256 c0f2f568b583cdd80813acca08a0a842db662b31ceb84bed974372bde9077a1a
SHA512 0f05ca2a990c852676c8c4f0cef7fbfb5e3ec4e86ed6d11d82a0597f62988c7e4fd5535b22e5c94e8c873fd2e66d1c1f58a2712568f086909f0610553eac0d53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7199103aaec50fa8a67e9d1bc4d1a207
SHA1 f3df1edaad8a52e3b8f7dd9817d316a290053876
SHA256 fca00e3b184ec21bc8068d7b18558b5cea9ea0b6123a29940f5314c47329fbb0
SHA512 9f11778d566360431f66114dffe162044f9249273c5f737dada3cdbc80052f25c2fc41320168dc61a235e092f0f15386a8e55a866ade4db81e7771a3ed8cb809

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9e4eeb20f9f0eaf4d5ab1ae444f08f8
SHA1 343e8fa4877db34a9d40ccbc55361c77ec1d9d36
SHA256 6ef69ea8ed49b6f056c345ecf3755a49489d60b5e3798578f628c89d594b02c5
SHA512 e9fce0ad3b675d6997b7998db9694cbe1d202d4aa0cef33c2b0526cf02b913b9d707047a141737c2b49838b357d923afc8b49ef3c1b9c9e5eb5e593b4a70f5be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55b73fd659f32500762950c9af20bc79
SHA1 803bcd422410c35a864146ccc433ff98cb60fc63
SHA256 ba8ae7d0eef477861c486817dc677dc17a15b9b09bb159925c129638d2159231
SHA512 4a114965c272b8962ad071b5c1ed4a13ccd2216012916dc05dafef6e0556283365d43a95488153be0ce42b44613645c1c64aec877ff63b935dcb8b06d95e9744

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bcd1e860a4cdc008592344d59bc2385
SHA1 170bfad3c188f9507ad16d337348ebb77cec3240
SHA256 0280631bacb25ad6b5fe2ea37ab2941d8fcbe5062d7717ba70a69b117d9cf3ed
SHA512 11af40eac9ab5e7a373298263f8f313bff655a5e8893608b48edf915f27bad10c6873b41bfc3a888d91145eea2865658c28273f14cf2f1747bfbf9fc7ada73ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fd3187bfeb0dfa45813c354688ad8f0
SHA1 68e4f3971a5bd60b08157fb3b8ab7c605aa896ee
SHA256 02a88c48a44050fc51fc314cf90faabba924f00a4b02f8db97659fcc0f4fe41c
SHA512 8f91c8efbcbe566ced8123e0fa5c4ee5531cd6b03ef0c49080078c20a032de8c5f94a9cf505d17bb228fbd3f98cf132c38d3d5434613a7e3cb27cef4ca8f4d23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3c258dd6bd907db1b6a26465b63180e
SHA1 8a716bcf4bd9d94148dcd791fb594912ea28915a
SHA256 ff924dc418afed7fcfd6e0cf512bbb1cdd935eed97b85caaf760bbce82a30fac
SHA512 42a8447d9889ff1b74991f90dca06e20ee6cfacec3847ad24b8106c6c1d33b04cbc22467f63c9489a3b9947342212e1923bac9943bca60c23d11ce82f61e896d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d0cac8393786ac0d17d135e3702e1a8
SHA1 8e6087128c7cc8dd4b6ffccca58ad905cb205c13
SHA256 5a64c8c11fedc24aa0a46ffb2465e6f1e35f1ddef4f3b2ac48084ccf273ebe1e
SHA512 4b9b70d5433b482bfa2ec744e025ea30e11c3ab5631f44d48633c2d321593a28a5d31e9a7447bb6ef977109da90ad02044e8d86242cc03b3079ba0cfff6f02de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d8c5f5b5d3b620899947994766d11c5
SHA1 7454831bc6cc76a83440018796bf41f6f7f91f91
SHA256 0c501b647d80154f73460e8b4b3d5aa4afccac28c46cdf1924d2d9d46d14d456
SHA512 55626892e34738b4978f3683441ed551ae33ea4ee0a7d9d8757f1561a502e337236b56733a584631e07de2f4930dedaebdb55b3098250db74eb9ef955fe73392