Analysis Overview
SHA256
4a34c2857062ea5f2eeeab05611d07e497d58fbe7f619d1506e6f4c23f6c963b
Threat Level: No (potentially) malicious behavior was detected
The file a42b7e0e1405fb5ada6f0349e5b55702_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:19
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:19
Reported
2024-06-13 06:21
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42b7e0e1405fb5ada6f0349e5b55702_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8c9246f8,0x7fff8c924708,0x7fff8c924718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4670859617839849416,148543030209164395,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,4670859617839849416,148543030209164395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,4670859617839849416,148543030209164395,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4670859617839849416,148543030209164395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4670859617839849416,148543030209164395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4670859617839849416,148543030209164395,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | eeblc.ain9.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 2.17.107.120:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.107.17.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_5116_XYZVIDGINTYRRYXN
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:19
Reported
2024-06-13 06:21
Platform
win7-20240221-en
Max time kernel
143s
Max time network
124s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421427" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5005bcf559bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DE312A01-294C-11EF-878B-CAFA5A0A62FD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000041df8ec9aeca484092861e64f1997b3700000000020000000000106600000001000020000000d2d806366942f1af380ad9e030d4c352beec5da047097b66009fcb08dd429f11000000000e80000000020000200000009d2548a71661019ac23ab453c2a2c53f84a4c0599d44db90d1758bbff28e989f200000005fae1e802a6fa8d04ba284e4e53a0eb54c484c2b38af7c34ecc4795fcbe2cb464000000088bb24848edcb42c250b4bde70b1cd2cbe17348dfb342bc2b1b0fb599ed72bd8f1181d5df94bc2786bd8a5562953bf5b03136151fe559e5c52a9a89927fae6b9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2128 wrote to memory of 1064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2128 wrote to memory of 1064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2128 wrote to memory of 1064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2128 wrote to memory of 1064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42b7e0e1405fb5ada6f0349e5b55702_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | eeblc.ain9.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab27ED.tmp
C:\Users\Admin\AppData\Local\Temp\Cab28C9.tmp
C:\Users\Admin\AppData\Local\Temp\Tar28DE.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015