Analysis Overview
SHA256
7dfecb34fe316795d577ceb7c215857158587f2e748bee5be0f4a75b779fa192
Threat Level: No (potentially) malicious behavior was detected
For the file a42adc1b51abd5ea20cf46acacbf766d_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:18
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:18
Reported
2024-06-13 06:21
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42adc1b51abd5ea20cf46acacbf766d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x8,0x108,0x7ffc0d0946f8,0x7ffc0d094708,0x7ffc0d094718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,2058267313256541362,11039015513594996095,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,2058267313256541362,11039015513594996095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,2058267313256541362,11039015513594996095,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2058267313256541362,11039015513594996095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2058267313256541362,11039015513594996095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,2058267313256541362,11039015513594996095,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6140 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 497kd.51qqxx.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.122:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 122.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.122:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_2964_NMFSAQOKCBOFNTIE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f7eace582203bc9dac54705e1cd9c573 |
| SHA1 | bcb472a8ed7aacd94a623524f12a91ed4dc04461 |
| SHA256 | 54accac1ff2c3c2ab31c2fcdffdd54b9eff240fd23477fcb5451eda952cb74cf |
| SHA512 | d3acca9cc4e052ade848f19e309ad37259b28cacdb0aea2ee6f16f5fed3e67f0767f22410b6b65fb08167b7f9b761eb89d39961b69a1a78cdc2cd6d743ac0d1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 98a138741641ca594745a3b431f035fd |
| SHA1 | 72fd69d5974beecd69c2395d028a7e964562e22e |
| SHA256 | 5374bdacf9d5c7a199d2a9d5a5ed68efc00228f8342c31ffc41d7fed1f8a8f0d |
| SHA512 | 76e40d0a92100a8748ec0094a0329425816d5b3ea32da31daaca1a5b0fb64f0c7872f702b2e8246d305cd05cb8eae7673f8833be468c81993b4655e10e02cf39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 987ebc45a5f8fb1853476aba94f22520 |
| SHA1 | edc7ce1a2401c935210e4c6e887c6be7d412c856 |
| SHA256 | 4a2c019f18b3ef5f828bda9619a4d8b13cda18fdcf97d672d3a913f0d76ed3db |
| SHA512 | d798580ac0a3e302a180cc91b7c815332e2d084c0ef252782e59936908f9e4ebfcea4e8108b2c88a17663f28c3f0fd0de60861e3e36346f5ba59684d6100c1d7 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:18
Reported
2024-06-13 06:21
Platform
win7-20240611-en
Max time kernel
136s
Max time network
120s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C946E2B1-294C-11EF-9D87-62EADBC3072C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000000b5c065bb380955fe2a4a0f639737530dbf763b32472b89e4073026fe2713e2c000000000e800000000200002000000083a9361aa20397ea01974aa16898948299509cf51d1012185d6114ee3d1aa76a20000000c8031663bbc9638616088fa647ce74aa5c1a7cc9fd0a82de223c8e1a16acf334400000000ebc377f4a2ad3a317931663022677a3f8b3ee76b220de0bb68c560fe473b8e00762db156f5ddb03ae68259ab161fe7a3c6f7c39cd3b6ea45b27ecfa058c121e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 707dcedc59bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value removed] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421392" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2368 wrote to memory of 2300 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2300 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2300 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2300 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42adc1b51abd5ea20cf46acacbf766d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 497kd.51qqxx.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab147A.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d8794971712e7458919d90941d39591 |
| SHA1 | 242e46555a211c62232583a7e7c6dabd960c0067 |
| SHA256 | 4dbc9b752a0c3f8fbf93d4fa738c75080736e9fd47261fe27f00b5b9dda8e760 |
| SHA512 | 0c4bef1da56ab9457022bea9f30b90a2706349f853ed13d06d872044dbef30e7f6279bd613c15535a4adfd90c4e53d192b86a70a77a240cab07e4ebbed749772 |
C:\Users\Admin\AppData\Local\Temp\Tar152F.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad11d1bd60840ad3bb8b5587056b514b |
| SHA1 | 914314b158aae6e31718d7f9ca102874e77a9fc2 |
| SHA256 | c9f93f27637f81d7971ab3ee54363bc0cbbc4dc614d1960cbf15d134659af134 |
| SHA512 | 40c0ff8ed2d0ae7dd05f8ef61affb7dc7c826d91c51a3dfff19c29400db3910e0a9b4bd0bea93bdec5ec93ae8bc0eb835b031c638836d06aee22cdd7b3f72063 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f94ec62db16cce2dee5e4979a84ded2 |
| SHA1 | e1fbabd69d51c78304a1464484f028ae71f160f9 |
| SHA256 | d138342430c0a4124c11f26009ea36bf08c9dce3d25213401679020140f1bf62 |
| SHA512 | 922b200b957c21354728a62753db88fa151c768c756de03af07ff213520e07fcebb28baf0ae462594a1855b7b1e8f792640c0d7a0fa590416c20439118bb9c6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ca31f70df199f8ec0177c9a0ca16a01 |
| SHA1 | 50a0b64ddc2237d976d76c6e44f5c53ce04bf45d |
| SHA256 | 373f2147af14d3d18dd035aa122e5400ff2615b74ed6c9f873bc611957a7be33 |
| SHA512 | 3ee52f3811eda5950e792adffcc574137a5afa27967d50aad6a232bf2120d72db1f6ad60ad5dd3c1eda211087cc9aac1d90b3a27b35ff2601d7165e261aa6ca8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00e2d41520d17bbf574138d295033ba5 |
| SHA1 | fba0f7e95875b417027a8db47c43ddc70e4530d0 |
| SHA256 | a311bd73c741fd2ec887cdd5a31092fcb3024a3b7f34b7bf83c69c0d9fd48a73 |
| SHA512 | 0e8b367afc891da1be57329700f2c7d099a02f148040fa6c89af676de69f6c770b8656c6c905e1f955834d34b9cf7e48d97f091b784450ffcc20bd1461f80a15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ea492fc35c061b9e7600d9f2115e1d9 |
| SHA1 | f813a3055d5adfed8b190a647a493bf33e774bac |
| SHA256 | 42e3366c66882ff0d30048f54279aa4c56133582360aec2deb521c656ac6baea |
| SHA512 | 46e5ae50d5f1c97bcc9982a3a54739e7c8c3db04410f9b0fa034d0d38eb669664e188a018f2c19bbf3f02b583e412e15cfcdcf69769c69b60220a5b76288e359 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 154d51d90444f20dc53ba6292b79c680 |
| SHA1 | 4006db0c8fc9c02a5c5b1842d361b8f6c5aaf4b3 |
| SHA256 | 859cf95a3dd8a407f8f3e082bfe6dce97b599ded7bc0b3b1875211ecfd254a64 |
| SHA512 | dbe458326b15a7f128491bf38b0cb497134054d2a2cef2c450ae879865c19a674e71f2a18ed7c3e7b421a56aae822d25b70a2aca945abdbbecaba73a10883227 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cb3b5f009b97bacf03ac413312e15bb |
| SHA1 | b46ef9851c2140b0267d26a87f121e773764bb57 |
| SHA256 | 09861e8b38af7c83bffee9dc5bd19cdc74682d09cd24598bcc1a52367399c30d |
| SHA512 | 6309e18360f6336f5adc3d0c4ba664a0552f59c83db6883cb3e220bc5cc11d7ca923b2646ff7e0ac1149963dd996a1f0634a444db73ff079e4978a2752dc9f88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e14ba6991bf503c6ee4c5b2eb14478e2 |
| SHA1 | 85530b905304c6981753304f2e905e484beb2086 |
| SHA256 | 1337bfe48e686e9d4dcf1bf2dd1e2696bb6a99e4bbcdc81e9f6848b431df80d3 |
| SHA512 | 0881f8e659d6a7c57f2345ac555c7d03d1e1737ae13543eb5ef0289225938fef12ac0829d1831656aab29ad191c1f12395db9915c84ee83b93277a30cbb713ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7636d5a21bcdcf22b8bb370ce64e58b |
| SHA1 | 24d7b25d8aaf56dff340870a5d66911f03ae73b9 |
| SHA256 | 8c5af347868864de86a371a634b9231b1d1378061d68a3f9c18a28c66701925f |
| SHA512 | bd582ea1a32c0a2f9bad5c8673a3de94f512a067a3ec51ba334f686e490e101fad4bcf325069a0952f3081dc99d814de403f4535dc846df6526779fd602fc9e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f24dfda9a149330cd696369fe94b392b |
| SHA1 | d685e131741a14d93671d52212c586e5e2c2e908 |
| SHA256 | 1bc28ef845260ec05bc41fc0d127dfda1bc21313aff53edf00999b3a58fea2ff |
| SHA512 | 7bced4d44ce072d22a745e6e28ca5526fe0aa99850d9fd77faf7e326b208360803df0676a9e8532100264f2f5ebdc69a3b93b989737aa5445dc5473c0800a19c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd8c5bd0ba2bbd4daff56bf50e3c5a21 |
| SHA1 | 1935dad4eccc300927f739ab88f1a9bd457e63cd |
| SHA256 | d00470656a124a3ba7e317624ca109d0eee3382cb0b40b0d04a48a60848f17c0 |
| SHA512 | e569cc16c1e53d43da681e605c20095dd277b612a7f30105b9c761c6ec7003f332b4d3efebcf6c4d114eaad041531843e00434448c16b668e6939c9d97dbe264 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 930d3f4a1aba34274bf14b77c1863d07 |
| SHA1 | 7fce481c130b24e653cdd31c3eb59718112431c5 |
| SHA256 | 0f5f52f445d52484cddc88b12dc7ac3222b62dad8a57299f4be2c52fe3ea4f5a |
| SHA512 | 76b60d58efb9100f33ccb483d1f8e31a0213ef4c8a0560937b09aa9ff2fa24064db6c572d681bc7b2e976392cbac2f27d8e2bdb7e3e65fc160ea5e361dcbaaf2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1435b2d297d78f3176fdce8bd55d9c31 |
| SHA1 | 204311deb4c33afe14afda7aa9e26f31e5fbc19f |
| SHA256 | dd0f318bef6fed44ad22643944147269d4cc35a5e9eb46233de49d806b8b123e |
| SHA512 | a189ebe71db5578ff332c2a420c8bbb724d0bd76c11aa24a1f71ae7ca7e794e29283ac390357d814ab7d7b5a159906f27b6ef3960b82d811f885df89bc866445 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d29830094883ab00d91a8bc430cfb80 |
| SHA1 | f4ffdb780e87eff487a623e847247fb35ae98956 |
| SHA256 | 98e61863db6ce3bdd24869e688ab672b916ca728d0c4fcf094309eaba299664d |
| SHA512 | e02e4c1e8acc7c291a9d3490b16b8e82f4e671f155afce22923bad4891315fc4d03abe62df99c256e093f4ba6f23668d9c44261da4a79d4af644a9bb74c27508 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd1238c4f8776771ebeff0b5f0a92fe9 |
| SHA1 | 6e5a868abe33b51eadc1c1a0445f728d897d690c |
| SHA256 | a7dfcc395716843c0e881a15cc2cff87a2df3d99f686f60b6a1f327389de88d9 |
| SHA512 | b43c4a7a79c5950c90b12bc380dbe9462691cea97cb317bcf31b4ed402d83fed6399835dd60b36dcceab7e4ec1863eaa237119ab6fa4f4945f52b185f16ee32b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b23b2e677e9730023169cad404323f82 |
| SHA1 | d5aa847f1fe8c7abce7ce4405003cef9f009c7b1 |
| SHA256 | e76a38cc723c73591c7ba66c0482208a55e70ef263206a456f10579eb781a386 |
| SHA512 | 8c7c7a704e82dbc7300bfd73df0bf32c2bac611a4b81b5282bcfc5e328cc48b893292aa0f442b65a8026337b97fc109f917e4b766e29e758a062a3a658c14e42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48059babacc4fd3dca24b1b521cc075f |
| SHA1 | a7ee22419ed49d0789bc3d8edfb8410baabcecec |
| SHA256 | d7b321d9829fd59f7cf7892b386ee1f02e8d08037b35f17c6003b5b6ebd41456 |
| SHA512 | 4c9a49de59df52d5c8e88df1d4e938ae82e9ad687cc7fd7160b4bd99ac419f947346475787812d2e4083c4e2d8ebdebe0af9ce6a43999707e81e56ea269049c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1edf6606d8bd3e33ea80d58134074c1e |
| SHA1 | 2265f51f5d64597a573f3df62df66ae6c94c6fca |
| SHA256 | 1d8e466c4d396957be7820c0a1067daddb91c4e3ef1bbc873d894d4be06f9cb4 |
| SHA512 | 3baa156120d709aac83ca2be39ca62a1f0f5c4d57ca1ad4c345bcb26cd6e7f1923750024832de4a2499a3b8bfdbef2db43c2a35a0681e3d7ecdd25f215cff835 |