Analysis Overview
SHA256
328a049e332a68159a4e279b6bbf2140b3d801571b85d47aac2fa0f2a59fe3c2
Threat Level: No (potentially) malicious behavior was detected
The file a6aa12a718de5bd74a6d99fa8061dd29_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:32
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:32
Reported
2024-06-13 21:35
Platform
win10v2004-20240226-en
Max time kernel
144s
Max time network
153s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6aa12a718de5bd74a6d99fa8061dd29_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5024 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=6016 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5416 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5752 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4092 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5156 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| US | 8.8.8.8:53 | bs.yandex.ru | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| RU | 213.180.193.90:445 | bs.yandex.ru | tcp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| RU | 90.156.132.125:443 | masterhost.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.202.52:80 | counter.yadro.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| RU | 95.163.52.67:80 | dd.cb.b0.a1.top.list.ru | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| RU | 88.212.202.52:443 | counter.yadro.ru | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 93.158.134.90:445 | bs.yandex.ru | tcp |
| RU | 213.180.204.90:445 | bs.yandex.ru | tcp |
| RU | 87.250.250.90:445 | bs.yandex.ru | tcp |
| RU | 77.88.21.90:445 | bs.yandex.ru | tcp |
| US | 8.8.8.8:53 | 163.205.31.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.202.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.132.156.90.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.52.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | bs.yandex.ru | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 20.231.121.79:80 | N/A | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.20:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 20.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 93.158.134.119:445 | mc.yandex.ru | tcp |
| RU | 87.250.251.119:445 | mc.yandex.ru | tcp |
| RU | 77.88.21.119:445 | mc.yandex.ru | tcp |
| RU | 87.250.250.119:445 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 23.62.61.152:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 152.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.178.10:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:32
Reported
2024-06-13 21:35
Platform
win7-20240220-en
Max time kernel
146s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476226" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000738439a3c19c0341923bdf499eb2c19c0000000002000000000010660000000100002000000063598b57f8d77cfce812c27f8cd7b1c47e3f3a66f439b83ef61dfc7f3fdf38b1000000000e80000000020000200000003e6a0a2dcf0c7fd1f30dbc29119d4277306423ec0c08a653bee170ce6c5a900d900000003dce38406b1ce5b6fdd625e2430597f9963e2f41d9ec504c8a84d28b2aff6041ce7e6c88482d92558c976ce2102aa3797756a5e1e1ae518af48dc6872f33e8faac3479e2873282ed220c6bdeeaa7a07bf28ffb22e12676942b0bc6095d8dcc3264b809a5ba00804c9e6392747ebca6bac12c8087ddb41c79b072d140c2e9aac1f5647b2d317d5c2045d6d4b9f8e4e66b400000005fcf09d6b7cf6339b01434b8b657af284cdec8a601a30d8752650e031ef2a2af613567917b47e16fc3d1816468b0e2348131bdec33d26d3b072123419b859b45 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{757BFD71-29CC-11EF-831B-46E11F8BECEB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000738439a3c19c0341923bdf499eb2c19c00000000020000000000106600000001000020000000672df899c75ab6e5bb5deea90a55ef4a4aa58aa65b4f4e90341159f270ec05c4000000000e800000000200002000000086b3eb8876172de3510b7a7ff80de2b6dc3da393f8315206069db51520c74b49200000004bb4a847694eb70b86ac1d5f55cdd896e7d123ec70c3a57059b8a2d2f7ba088a40000000fcaec487bec0e361388de509139d61e7d22e3cc3fc0afd5639ab4eedc3748613f06d9ffa72c2763ebc86d244a2ceb2ecfc96109a270a14f0731bc963f712a542 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 607b2f63d9bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
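Every row in the table above is written by iexplore.exe itself, under the user's own HKCU\Software\Microsoft\Internet Explorer tree, and touches housekeeping values (tab recovery state, new-tab-page bookkeeping, window placement, code-page MRU). The writes a triager actually cares about under this signature are the ones that redirect the user: Main\Start Page, Main\Search Page, SearchScopes\DefaultScope, and the like, especially when the writer is not the browser. The parser and check below are an added example, not part of this report or the sandbox's own logic; the watch-list is an assumption made for the example, four rows are copied from the table, and the final row is constructed to show a hit.

```python
"""Parse 'Modifies Internet Explorer settings' rows and check them against
the values a browser hijacker would change.

Added example; not part of the sandbox report.  The watch-list below is
this example's assumption.  The first four rows are from the report's
table; the last row is constructed (a fictitious dropper.exe rewriting
Start Page) so that the check has something to flag."""
import re
from collections import Counter

ROWS = [
    r'| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |',
    r'| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |',
    r'| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |',
    r'| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |',
    # Constructed contrast row, NOT in the report: a start-page redirect
    # written by a process that is not the browser.
    r'| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" | C:\Users\Admin\AppData\Local\Temp\dropper.exe | N/A |',
]

# Indicator layout used by the report: \REGISTRY\<hive>[\<SID>]\<path>[ = <value>]
IND = re.compile(
    r"^\\REGISTRY\\(?P<hive>USER|MACHINE)"
    r"(?:\\(?P<sid>S-1-5-21-[\d-]+))?"
    r"\\(?P<path>.+?)(?: = (?P<value>.*))?$"
)
IE_ROOT = r"Software\Microsoft\Internet Explorer"
# Assumed watch-list: (key, value name) pairs a hijacker rewrites.
WATCH = {
    (IE_ROOT + r"\Main", "Start Page"),
    (IE_ROOT + r"\Main", "Search Page"),
    (IE_ROOT + r"\Main", "Default_Page_URL"),
    (IE_ROOT + r"\SearchScopes", "DefaultScope"),
}
BROWSER_BASENAMES = {"iexplore.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_row(row):
    """Split one table row into a record with key, value name and writer."""
    desc, indicator, process, _target = [c.strip() for c in row.strip().strip("|").split("|")]
    m = IND.match(indicator)
    if m is None:
        raise ValueError(f"unrecognised indicator: {indicator!r}")
    path, value = m["path"], m["value"]
    if desc.startswith("Set value"):
        key, _, name = path.rpartition("\\")   # last component is the value name
    else:                                     # "Key created": whole path is the key
        key, name = path, None
    return {
        "op": desc, "hive": m["hive"], "sid": m["sid"], "key": key, "name": name,
        "value": value.strip('"') if value is not None else None,
        "process": process,
    }


def review(records):
    """Return [(record, reasons)] for writes that deserve a look: a
    hijack-relevant value, or an IE setting written by a non-browser process."""
    flagged = []
    for r in records:
        reasons = []
        if r["name"] is not None and (r["key"], r["name"]) in WATCH:
            reasons.append("hijack-relevant value")
        if r["key"].startswith(IE_ROOT) and basename(r["process"]) not in BROWSER_BASENAMES:
            reasons.append("written by non-browser process")
        if reasons:
            flagged.append((r, reasons))
    return flagged


def summarize(records):
    """Count writes by (operation, writing image), the quick view of who did what."""
    return Counter((r["op"], basename(r["process"])) for r in records)


if __name__ == "__main__":
    recs = [parse_row(r) for r in ROWS]
    print(summarize(recs))
    for rec, why in review(recs):
        print(rec["process"], "->", rec["key"] + "\\" + str(rec["name"]), why)
```

Run against the four rows taken from the report, `review` returns nothing, which matches the report's verdict for this signature; only the constructed row trips both checks.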
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3036 wrote to memory of 2988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3036 wrote to memory of 2988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3036 wrote to memory of 2988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3036 wrote to memory of 2988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6aa12a718de5bd74a6d99fa8061dd29_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2
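The WriteProcessMemory rows and the process list above line up: the writer, PID 3036, is the 64-bit iexplore.exe frame process, and the target, PID 2988, is the x86 IEXPLORE.EXE content process whose own command line names its parent as `SCODEF:3036`. A frame process writing into the content process it just launched is how Internet Explorer starts a tab, which is why the report's overall verdict stays clean despite the signature. The script below is an added example, not the sandbox's logic: it extracts the SCODEF parent from the command lines, then classifies each WriteProcessMemory row as expected or worth review. The four signature rows and two command lines are the report's; the fifth row is constructed to show the other outcome.

```python
"""Correlate 'Suspicious use of WriteProcessMemory' rows with the IE
process tree derived from SCODEF command-line arguments.

Added example; not part of the sandbox report.  The two command lines and
the first four rows are the ones in the win7 analysis; the last row is a
constructed contrast case (a fictitious write into notepad.exe) and is
NOT in the report."""
import re

IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

# (pid, command line).  The report pairs PID 3036 with the 64-bit iexplore.exe
# that performed the writes and PID 2988 with the x86 IEXPLORE.EXE whose
# command line carries SCODEF:3036.
PROCESSES = [
    (3036, r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6aa12a718de5bd74a6d99fa8061dd29_JaffaCakes118.html'),
    (2988, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2'),
]

WPM_ROWS = [
    r"| PID 3036 wrote to memory of 2988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |",
] * 4 + [
    # Constructed contrast row, not from the report.
    r"| PID 2988 wrote to memory of 1234 | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | C:\Windows\System32\notepad.exe |",
]

SCODEF = re.compile(r"\bSCODEF:(\d+)\b")
WPM = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def ie_content_parents(processes):
    """Map content-process PID -> frame PID, read from the SCODEF argument."""
    parents = {}
    for pid, cmdline in processes:
        m = SCODEF.search(cmdline)
        if m:
            parents[pid] = int(m.group(1))
    return parents


def parse_wpm_row(row):
    """Return (src_pid, dst_pid, src_image, dst_image) from one table row."""
    desc, _indicator, src_image, dst_image = [c.strip() for c in row.strip().strip("|").split("|")]
    m = WPM.search(desc)
    if m is None:
        raise ValueError(f"unrecognised row: {row!r}")
    return int(m.group(1)), int(m.group(2)), src_image, dst_image


def classify_writes(rows, parents):
    """Return [(src_pid, dst_pid, verdict)] for each WriteProcessMemory row.

    A write is expected only when both images are Internet Explorer and the
    target is the content process that the source frame process launched."""
    out = []
    for row in rows:
        src, dst, src_image, dst_image = parse_wpm_row(row)
        both_ie = src_image.lower() in IE_IMAGES and dst_image.lower() in IE_IMAGES
        if both_ie and parents.get(dst) == src:
            verdict = "expected: IE frame process initialising its own content process"
        else:
            verdict = "review: write into a process the browser did not launch"
        out.append((src, dst, verdict))
    return out


if __name__ == "__main__":
    for src, dst, verdict in classify_writes(WPM_ROWS, ie_content_parents(PROCESSES)):
        print(f"{src} -> {dst}: {verdict}")
```

The same parent check transfers to the Edge run above, where every child carries `--type=renderer` or `--type=utility` and a shared `--field-trial-handle`, but that run triggered no WriteProcessMemory signature, so there is nothing to correlate there.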
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| RU | 90.156.132.125:443 | masterhost.ru | tcp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.202.52:80 | counter.yadro.ru | tcp |
| RU | 88.212.202.52:80 | counter.yadro.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| RU | 95.163.52.67:80 | dd.cb.b0.a1.top.list.ru | tcp |
| RU | 95.163.52.67:80 | dd.cb.b0.a1.top.list.ru | tcp |
| RU | 88.212.202.52:443 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 90.156.132.125:443 | masterhost.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
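Both Network tables (the Edge run on win10 and the IE run on win7) mix three kinds of rows: the sandbox's own resolver queries to 8.8.8.8 and its reverse in-addr.arpa lookups, the browser's background traffic (SmartScreen, NEL reports, the edgestatic CDN, the extension store, ieonline), and the hosts the page itself caused the browser to contact (razgovorchik.ru, masterhost.ru, ads.serveuser.com, counter.yadro.ru, top.list.ru, top-fwz1.mail.ru, the yandex counters, google-analytics). The Edge run also records TCP on port 445 to bs.yandex.ru and mc.yandex.ru; 445 is SMB, not a web port. One known way a locally opened HTML file produces that is a scheme-relative `//host/path` reference being resolved as a UNC path, but the report does not show the page source, so that stays an interpretation rather than a finding. The triage helper below is an added example, not part of the report or of the sandbox: it parses rows in the table layout above, discards the sandbox noise, separates background traffic from page-driven contacts, and flags non-web ports and destinations with no domain. The background-host suffix list is this example's assumption; the sample rows are copied from (or, for the two rows with an empty Domain column, normalised from) the tables above.

```python
"""Triage helper for the '| Country | Destination | Domain | Proto |'
Network tables in this report.

Added example, not part of the original report.  It drops what the sandbox
itself generates (queries to the 8.8.8.8 resolver, reverse in-addr.arpa
lookups, multicast), separates the browser's own background traffic from
hosts the page caused it to contact, and flags TCP to a port other than
80/443 and connections with no domain attached.  BACKGROUND_SUFFIXES is an
assumption made for this example, not something the report states."""
import re
from collections import defaultdict

# Constructed sample: a subset of rows from the two Network tables above,
# including the two rows whose Domain column is empty in the report.
SAMPLE = """
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| RU | 213.180.193.90:445 | bs.yandex.ru | tcp |
| RU | 93.158.134.119:445 | mc.yandex.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| RU | 88.212.202.52:443 | counter.yadro.ru | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 163.205.31.31.in-addr.arpa | udp |
| US | 20.231.121.79:80 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

# Assumed: hosts Edge/IE contact on their own (SmartScreen, NEL reporting,
# update CDN, extension store), independent of the page being loaded.
BACKGROUND_SUFFIXES = (
    ".microsoft.com", ".bing.com", ".azureedge.net",
    ".nelreports.net", ".googleapis.com",
)
WEB_PORTS = {80, 443}
ROW = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<dom>[^|]*?)\s*\|\s*(?P<proto>\w+)\s*\|$"
)


def parse_rows(text):
    """Turn table rows into dicts; a missing or N/A domain becomes None."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue
        dom = m["dom"]
        rows.append({
            "cc": m["cc"], "ip": m["ip"], "port": int(m["port"]),
            "domain": None if dom in ("", "N/A") else dom,
            "proto": m["proto"].lower(),
        })
    return rows


def is_sandbox_noise(r):
    """Resolver queries, reverse lookups and mDNS carry no IOC value."""
    if r["ip"] == "8.8.8.8" and r["port"] == 53:
        return True
    if r["domain"] is not None and r["domain"].endswith(".in-addr.arpa"):
        return True
    return r["ip"].startswith("224.")        # multicast


def triage(rows):
    """Split rows into page-driven contacts, background traffic and anomalies."""
    page_contacts = defaultdict(set)         # label -> {(ip, port)}
    background = set()
    anomalies = []                           # (label, ip, port, reason)
    for r in rows:
        if is_sandbox_noise(r):
            continue
        if r["domain"] is not None and r["domain"].endswith(BACKGROUND_SUFFIXES):
            background.add(r["domain"])
            continue
        label = r["domain"] or f"<unresolved {r['ip']}>"
        page_contacts[label].add((r["ip"], r["port"]))
        if r["proto"] == "tcp" and r["port"] not in WEB_PORTS:
            anomalies.append((label, r["ip"], r["port"], "non-web TCP port"))
        if r["domain"] is None:
            anomalies.append((label, r["ip"], r["port"], "no domain recorded"))
    return {
        "page_contacts": {k: sorted(v) for k, v in page_contacts.items()},
        "background": sorted(background),
        "anomalies": anomalies,
    }


if __name__ == "__main__":
    result = triage(parse_rows(SAMPLE))
    for host, endpoints in result["page_contacts"].items():
        print(host, endpoints)
    for entry in result["anomalies"]:
        print("ANOMALY", entry)
```

The page-driven set is what goes into an IOC list for this sample; the background set is what to expect from any Edge or IE detonation and should not be attributed to the file. The anomaly list is a prompt to look further, not a verdict: port 445 to a tracking host is unusual enough to explain before closing the case, even on a sample the sandbox rates clean.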
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar23EC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8c653d032472e022d89e98c36cbba4e |
| SHA1 | 1da446f30457bab7e2e59aff9d25494aff50ac50 |
| SHA256 | 98d8aa6da3676f9c86e9b3ba363cb80d43e0218e5ac51359aaa21559cf3b1fe4 |
| SHA512 | acc33e93db1a157ebf87a0942502f987d7cde1d0246f1836b7f708e5796846400fc778c6fe7f7579edcee5bc2175a603163a4e87ff81cedfc17d16d322fcdf4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21d6f4e94d27b0d1f5234b267984dbd7 |
| SHA1 | c97686bd84a3907782d65e4a2bbd2a0f4582029a |
| SHA256 | 3dd075801f208d3d06fc124ed52995d262c22b3a3124dfbeaaf4690eef2d6243 |
| SHA512 | f3c3c7ab9dd9cf6835666b3ba8b171ad5560c47083dafc51887d84f2bfb1c643740d5912bb3e5dfc962ae582f600e35073690ed46774dc8f72b72a7d4ddd7c09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 5ebdebf81bef84763bf38a21012954cb |
| SHA1 | 85fa13ea9b9b8a447d04f4d30d94eb8607275660 |
| SHA256 | b437ff97fb15b2a90014766b606076c61c45ca1372ac3441f47590eb971bdf9d |
| SHA512 | 04f1420ac2004532b1600c1942a02d4180c402362345e05b91655f410cda8b84a1917d91e9c03c8efe9b926a3b7115a27a292f938255c7354abe95e8574d5c23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fd09d8a68e80dd8facfec3fad89aa44 |
| SHA1 | 79f865d779253519c19f95942eaecc1308f50d94 |
| SHA256 | ff9db4f7981e79bd8c3004b13058f10f7c53183194d3514b7b9080a884c77e73 |
| SHA512 | aea2760d473daddb3c5f671712408c17b6d35b712629e39fd7e4163610db4083607e3b8d00443b0b72106e99e8fea5e56fbe6a44ecd46e2973acccbbb9fcc37e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49b88fc3c54e2a9776c8f85a89c741bf |
| SHA1 | e09096e0430bf73b9e94495f62b06b9747a8ce03 |
| SHA256 | 7c0ba7be73bfde7eed7d197a9a9ddc46c61eccf48fb41fa011a56277cdde3402 |
| SHA512 | b353ef99b849374217be95900f6e9412d03a11037e5df92861b269bdf5f2e92ffbafbc89260c4e0a585154a840ab8082714c5168ed74c5147c15963656c0cda1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 100ca742c49f87cd2fb14d219e655553 |
| SHA1 | c8bb48119f690745e87546ada9604430737c12ce |
| SHA256 | e8565e102555528457d4ddb223e5e0b5f68d715b9beb929e4d394b9fe4c2a4aa |
| SHA512 | 55345d25cde82daa2b9f60583f6230d94330c72072248457ac0e99f6f327a5b1c4707c45bb3c70543e5a347af68a26e18059284222d7f947541b4a7a23ada522 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6eef36c1786659a8e536bc2d3b6fb7ca |
| SHA1 | cf4880835d144124bb2c5a6b16fe9458170aa2da |
| SHA256 | c4c0b90a742fb7990a4fdbfabc0d0481c374844adafd6d7c7345b8e480947047 |
| SHA512 | 0ef8dc7b1e14c784419283ac0e297105540a62d5f56805f94c4d3939aa9b099caae18a1bdc05c9643299d631e15e5eb99596abd2a990ea6b23e2920a5e59bcd0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3dfb565439c88456dec2cdcc9cc69684 |
| SHA1 | 1d51e083a57c244eee2903c3b6a4ac66c735d2b9 |
| SHA256 | 3adb8bf987b9696592ab23dbedc6bcc7d695588970fcd915ddd8c1b0e4bea05e |
| SHA512 | 5a406ae466470e703b14f33977da66dde4a4d6245471b4567066f34ec7ebb00b268513fb8de92cf8514a028ca64a57616cb040e824ce38680c02194f8ad9fc7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | a1a4ecae81d634a7d51a17b14b0d5b9a |
| SHA1 | 1872059572a749aeb4e613ae7bf4cef135ec13f9 |
| SHA256 | 47e4525b1887bd22d2bb157797ed1fef55740df556de19844000fddc458f59dd |
| SHA512 | cc66ae9bf22d89ce4c1fb0848cb00d2ccaacac141116d6ba210a7e40c8ed1e07c3b9b7fd53dfbdbbacf8517dfbca5dd62c0d4548cd38dca9845d2a8bf6203cf2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65764d34ea78bb0417e984a2cc45822d |
| SHA1 | 5576246e37a86a17c1df24398db2c9571064e96a |
| SHA256 | 922a7fd9516787b35ab710dbe581874a919ee06a06101c59f4f252370beeeb3d |
| SHA512 | 518151be45e784f59bca467b3f90697060658d57f5d05cc6e794d07bec3b8ff3685293066b7b2f69ec2d32df3c2e00b1b7df67d68fb840d93d9002fb587d2823 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00a83b0bd9b849192476961c6ba35ba9 |
| SHA1 | d8a58e0e95a58c2f1dd8d4cc417050d2b7d21486 |
| SHA256 | 19f194d23b77e0350ba4e537d2d16844234c470c50fb4a8219e04c576cf8e0c1 |
| SHA512 | af9cb5bc7666155e9d6f00a5ae5465361295292b506439aba3ca6688a2427680addf4dddc32ddad05c427dcbe053d11fd57d3465132674b94704a3ed187787fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2ffb2a777cf5fcad8e073512d4629af |
| SHA1 | 736fdecf08f6761dbb1a7d670fb6167b489414b5 |
| SHA256 | db633d3cb18e559f936f699eccec2f09eb9ea889d78e9240028364f51db03f6b |
| SHA512 | fa062ebd38b20bf9aed7092c3d050c9a816fe2d03af01eee2d3583da3c24bc6afa760b0dcefffe6083ab34749e36a2c294861d1f022c21f2f9ea36dd8e12c42d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af522157ff2f50be6f9b8d4124510e70 |
| SHA1 | b7e233710f95893f6e97ff392dd76aa58984cf5c |
| SHA256 | 84f7b447bd0966c5dc253a6ac83098f1f47eb4964f205a59cf5fe081fbf3249e |
| SHA512 | e73f7da9f6cb495a0ddfd9a03cc8fc99d9f32ca10152e6c40bb5ee797890e6564a83e30f1a5af2e9f83e86ee27c23d7c1a939462b6d765419ea815d670948531 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76985e82743f8a40816d1cebca21a305 |
| SHA1 | 72f0d957e29bce4210d896b0174c73e171951110 |
| SHA256 | 12a9f875126609c2ddb3622683cbf8a3d85b6cd9fb8589546fd62ad7ea6c24e2 |
| SHA512 | aaeda203376cfa1ecf260da9be603913d62b946c412b5160291435ab1a948a6ea726e53e275563e81d6807cf3c5bbfeaa99c6ebf08364069287848d13543f4cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75afad9abda6d5585988ce44b8c3f1d6 |
| SHA1 | 05e96cff3ab480a4bfd6658130394226e5594b3d |
| SHA256 | 0f5f0fdc6987787f64f77b1b927f35c1249533530fcbb817e7999a86bb718c16 |
| SHA512 | 43bb71dc96dbc73621a855e9963904e8a40cbcc64f816466b06c7bb510ce0fc7a3ee82d0db7c1ccb4c9001582d38bf168a5c6dbfd8c3d0ce4d1beb778579b0e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 445b3388b77646dc52e7b39755d5244e |
| SHA1 | 78d42f6c0a782058eb862532c5ebf08ec48ceb80 |
| SHA256 | 86bebd172cf3645b943dc5e06b573ad557299f8ffe82d5ebd1af09b03427ab06 |
| SHA512 | c3548ea9ea7109ba50fbffb3f165e3af5440c76ffad8058b8114f2680d5ed1ecc73111b8050dfe9613e1ded8818712b2b3274ce4b34464a59eb677e8f4463c13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f123947046e565d0665690d4aa3cbbb |
| SHA1 | 29830e4fae5c9ae80bc8438de6a4390c9fd72076 |
| SHA256 | f8c4cd66ec46d6184936c2672db927b25152ae8e1a59fdc54461fbdec111cbbb |
| SHA512 | 461415155c62998f7b62a9269c1e1a2f90b026d7fa34a045cbe9d26741506493bcc3fa6ea4071ab1236ae5890ad986377df267c8e6738998f6ad401928083e8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5c3d089921c13100b85c2ecbab2cf47 |
| SHA1 | cf8de799c554c1ee120b52fd6f737c3428f7771c |
| SHA256 | 5543f4ecf64c8e5a36d5f8eda6f49d740d800bd47cc483e35302f0afd223d8f7 |
| SHA512 | f71da953b6caeed4ad667db254065d42bb3280f70813cf88344c9de3a3f97b08041d79ca3d9eee253f9c469e7935ad1aa02ecf2505dd9623e65fc469d3752223 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 844ea62c2ab0b11c7076d2ec94d39c53 |
| SHA1 | 6b364f433c351d8b24cf524c5ae46122fce47e0f |
| SHA256 | bee505e3c0973ad699d7baaebf0fe217d6c9495c29cae768759a839f9159feb1 |
| SHA512 | e3bcf7a051293fe306ee623396170bda95b1fe8dce538d428cc64dca08e66124f4a0d9a8eac24be1ae6d1435a7109518b5a93f380f0e2c178e5deead2c89c46d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc5b6e74119c79289180277b02957eb8 |
| SHA1 | 7cf4309d5aff46a2f134fcebe0bb2215aac29f79 |
| SHA256 | 7fa98ca34aa0dbd6b10fe17f372e05708982b09c81f572f16bbf2009567ea5d4 |
| SHA512 | e54f33a5219547a95d9999e873314e85ea83d8d38b0917917417b7839221350c89e355a790ed1f3c874b2d7ed889547225eebc844882ee5ec70e82b9bebc4597 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ff5422878123d76556440fb55313e67 |
| SHA1 | d30978f0f6fb1e42c2ba0606982be010cc7eee83 |
| SHA256 | ca23ee73f5704087680da3ef37158e0366532076ebb25341a92dcb6bd2b966da |
| SHA512 | ee1eb1127231f550ecff90404b136413ae66ba18b3af081615a7ba1523c51a9651b84bb3ab9a26247ff23d935976249d5597fdaec15459d73cdbe14a77d47397 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96aca7b72356e873b53771191cb6561b |
| SHA1 | 5aa16b1fdb7e1f94441cf1143eec4ff11ce770e9 |
| SHA256 | dd4f944b44333bd37837ba4585f6613fb93e977c934640eabcf5414f5ee1a1e3 |
| SHA512 | 53a7c70234ec10eb9f1de5a144dbffa81d2f8452b96045e73cb9b2ba7cd39a4545ee1c005ca857dbefab5c6c92e5c74a56b6bea32b4568743c0a9c9a8e333cdd |