Analysis Overview
SHA256
ca294b952a2795720d251abb4861763a229090c660721948a17b0f712de7ad4a
Threat Level: No (potentially) malicious behavior was detected
The file a6c6d74d076ec6949f4bf0717c98371c_JaffaCakes118 was analyzed; no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 22:00
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 22:00
Reported
2024-06-13 22:02
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6c6d74d076ec6949f4bf0717c98371c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8c9246f8,0x7fff8c924708,0x7fff8c924718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,1635774483218386341,10709961694294810391,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,1635774483218386341,10709961694294810391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,1635774483218386341,10709961694294810391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1635774483218386341,10709961694294810391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1635774483218386341,10709961694294810391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,1635774483218386341,10709961694294810391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,1635774483218386341,10709961694294810391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1635774483218386341,10709961694294810391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1635774483218386341,10709961694294810391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1635774483218386341,10709961694294810391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1635774483218386341,10709961694294810391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,1635774483218386341,10709961694294810391,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2640_FPPFYATSDIREQIOV
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 22:00
Reported
2024-06-13 22:02
Platform
win7-20240611-en
Max time kernel
117s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{555C7DE1-29D0-11EF-820E-FE0070C7CB2B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000006e71a0908922be4f5b47946b4694d99350cd6b63d4c2ca6e3ee2ef8a74f407ea000000000e8000000002000020000000c7c965e6fe185e35af834bf52dacb226394798ba5d564aea32b567f56b79836890000000ae209ff3666c2f70ad3e099986bc6226ddec1ee694c990ae1b34e0c39adcc899e09ba485a30990bce76cf6c62fad86db259b926542b008f91d536c269731b30db2e7fee62713a92e8a956c59ddb3e8ee7333da4edd96b0bfca37d61cec9f3e0ee3f8b1641a60814dd9fd358093fd84bd96638398bc044584d307cd96b39e9e32da932cee2bd518f08a0a1077fc59833e40000000bee538b66295698f04f4d3ec7d86afd9bee8490fa131b9bf100f475ffa5ca68f31170e1b5bde0c9c947ce925b468543be5f3e90116556dc4484f95fddb7739d9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424477891" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000001613e0eb1a470074e18155dc32440210408ef09336792de3c8be5df3000839d7000000000e800000000200002000000025a75d11aa3006bedecdbb2e67c3c12fc673efd956824729564b2e7ca064a1fe2000000095a1b94211b2db66dc2f5e1ef896791f2de5ac3938e4866c2cdeee16237e12af4000000067f258899f28f0c68fa84a2f735c27e25768aad73ea68e3cb3e931c021b0cef96b93a0c489ae84b3cb6a33d26abb67720810b1f289be69837bdf22455ee9074c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 602c9a2addbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2456 wrote to memory of 1700 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6c6d74d076ec6949f4bf0717c98371c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Temp\Cab1871.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar3105.tmp