Analysis Overview
SHA256
717b24246586fef822244f81b828ca5fe855f4a4b75b85509b04116587205656
Threat Level: No (potentially) malicious behavior was detected
The file a4299010a718760bed056b20394c91b4_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:17
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:17
Reported
2024-06-13 06:20
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4299010a718760bed056b20394c91b4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a24f46f8,0x7ff9a24f4708,0x7ff9a24f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14016308039716842095,10145637922727454463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,14016308039716842095,10145637922727454463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,14016308039716842095,10145637922727454463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14016308039716842095,10145637922727454463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14016308039716842095,10145637922727454463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14016308039716842095,10145637922727454463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14016308039716842095,10145637922727454463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14016308039716842095,10145637922727454463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14016308039716842095,10145637922727454463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14016308039716842095,10145637922727454463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14016308039716842095,10145637922727454463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14016308039716842095,10145637922727454463,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdd.net.ua | udp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 137.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| NL | 23.62.61.137:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_2584_CGYULHTZFHQSCJMM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fd4403b7cd261c4d4e00f3a58b7f9ef5 |
| SHA1 | 6fd0595edfbecb810dac4f0fced8f529aa9093f8 |
| SHA256 | 0abae6cb6cb42816b76fe6c3fa3cdd690cc62d5829cf8540e2118816d917049f |
| SHA512 | b0c38985f799796eca5d31496ed084b2073fd891c263fe8dbdeb97d55426501801d21316850eb4d3735904c67c50eb81521820df06a6d34f871b63b0bc2d33f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5b9fdb79-a5da-4fdf-a371-8e0bfc58b06d.tmp
| MD5 | 6b39a3feacab8f0e5f09b2b0ae09e50f |
| SHA1 | 73531ceb26ca70dd6ae901c46e8df1d4b1e2ebfc |
| SHA256 | 7255fefb26164d2ab715a48f919d5cedd90102fed06ba6b823319aa5e64e2af9 |
| SHA512 | 7fe5a937f08e763de0f5e8cb2edc3f2fe20a8cce0691cb24b25bf8be516e6aab6c35b415808fe697fa9143d75cfcf9a18419c5187803133ed13263355586b058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3f54d62e3ad62183f65a3738519d4ccf |
| SHA1 | 34eacecc2c07fe27331b5e6e896a49c38cab0b02 |
| SHA256 | 624bcf77ae0575a5ee5729c759b205ef7be9b0f60ecbe806641910a0bbf0c772 |
| SHA512 | 92998111fad12e23c5fff719698828b603e07ac69c7d54de0d042c52960d686153230a3c5409e99d0f95764a8cdd4efbad9aef1dcea9e2e3d64c1c4190dd38cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9fd2adef96850e63bd550c0985fbc6c3 |
| SHA1 | da5e10546638263397cb80717a8a8e67591b0798 |
| SHA256 | 7354b9b2491b45f07f59bd03fdfc0c7c2969f59a72f5f2eb5d2b118a99296869 |
| SHA512 | eec87a9abedefacc21839c701352174541392f36191421851acc83a9f2a3737f9a6128e77dd7f7d8c2df2113c0260b2d1cda483e0bba591a287095a73a5dee2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:17
Reported
2024-06-13 06:20
Platform
win7-20240611-en
Max time kernel
150s
Max time network
156s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A0565B11-294C-11EF-9E46-6ACBDECABE1A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421324" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1696 wrote to memory of 936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1696 wrote to memory of 936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1696 wrote to memory of 936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1696 wrote to memory of 936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4299010a718760bed056b20394c91b4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1696 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdd.net.ua | udp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab65D7.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar6676.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cf8437a1a64962dd75107e075dc18e4 |
| SHA1 | 3d4c16cb428ac909e518c4fa17c691a9898f49d9 |
| SHA256 | 5ce2f864bcafbf93a8cc23a680a6a03dc669fa310593c2e6d3b827f237195379 |
| SHA512 | 658b9b21ee08b87353b9db73a265099ea7bc7a6a2685f038f492e3d0676cedab75b0f7943aa2629a09e54faccdd9b9d03a75039ca8b7aacbd1e2844057f96601 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 269a96d2ff65f49122e2849d39d53d32 |
| SHA1 | c2d68d86babfb3f72d22c320fac169fc8f524352 |
| SHA256 | 9541e526df3b03680c8b8b3872b26b524990ea3f47bcdc2179b6c73ffc9f19d5 |
| SHA512 | e8867f2c28f3b04e0c591ff695d833af2ca89e8fe2e6ae07f8e527a6257f066f1960d54fb1fa48e52504f88d76f193de5865ace190af811148145b4db872303c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfb5aaeb123afe21d1afa1a3811bf2ed |
| SHA1 | bfc60f403c41ff66876bd2c1d3090351c393a8e2 |
| SHA256 | 56e4773888cb269a6226f7d5a1ab9e3e7cba66300eb0d573fc0efff7d85b0d46 |
| SHA512 | 7526f6ac6d54d85e5b41cb78754fe52f9aed86483095d9a8fe984de0ac39f29a4eba8fbb70fd000124ab95f7b8a179307bbbe54f51e1a975894020ea1c02bfea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f745629f8fe95b7481ccde01ec429cdd |
| SHA1 | 3c77f2e2b828e232bb7d4394fd6ad5f91f6d74fe |
| SHA256 | 9f0d4a1f43b84aae636666c3a7309e94c5de6111fc4cc7b53a09e4755bdfa355 |
| SHA512 | 35f887c9522d1b9ee4d03d5b948c326195a00edbe3c688d9468eb0e5bcfcf73d5d845de92333ff5d3cf6163bf0fe8f42f46f53d73eb61e93a00a4ae0619a8451 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18cbaa5026e562c370a5ca156a914335 |
| SHA1 | b5e9b0e01b725e977e806c96d1754ba0371be4c4 |
| SHA256 | 70be4857f333a8cb7b58979691a09c9cf6747157d94530e4ae8b10273ca11c64 |
| SHA512 | 21deb9e28a55caf460816f2b00d87467a517a02ee79198fbf6a2c6e6a986b8ec73d468e07e6707225fb4c9660c4f978654334f12fda310f92a672e99445c5aaa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1798e48f2bbf44f98a7a53e67cea775d |
| SHA1 | e8c72b61a813510b652fe1ba69e76c47222d3730 |
| SHA256 | 44f2eff42a5b93789d083d5f0dd4c9241226ec8377558036d993f1fc89f7cc9e |
| SHA512 | 89b4714ce235b20cfba9aa92917a744b767c8106474c9d2b5aff51568018894fe2cb61c6b02aba8937ad0fc90c8ec99883d5d44ae0e8aae57ebbf929dcbdc760 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5933627202865b734fe610718d259cf4 |
| SHA1 | 27f8716f2601e155b29bcb4304eb39023e96c342 |
| SHA256 | 736153bf6e2a4a4cf075653091465b97c6404c378690ea9331fd0c6831646b69 |
| SHA512 | a9cedbf9dde631e17259a60fc2fb8ed209621e929efe3c2a4b5d5716f5d77cf0de19525e536a6e933698a399c1682f6981bc3399afd7352eda31635c93c97abd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21c939d561f8026cd28c674aa9dc9048 |
| SHA1 | dad74b8cb62ee65ed72e2a5d6120b2e8a9df410b |
| SHA256 | 01aa9e1b1c5b972b3f9ae502aeae34ab738f449e8b823eff13ea9766fed55165 |
| SHA512 | fbde3456fe621b470f33e95c6e074b88382bf9ef11f47a90745899dc62a9938b6e8aecd874a5bc7bda62c5528e8b6e72290dccd63489f0f91fabfc554d676a09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f9d57951015098b76e72645639e0c0c |
| SHA1 | 6d61a0b0dac37ea037b6ac9d71c01e40f1bb074e |
| SHA256 | 72f926fb1bc67039a10c10ee924d62e8aff535ed172f727d0785de749e91b99b |
| SHA512 | aba9f55f35d5678b25e56f919327b4eec3e411b62008d3d238d725bbc205077dda65c696952ec89f565e9b07a24711ce0ead7cfc753369e2fb6080c9db655e60 |