Analysis Overview
SHA256
ce709efba7fe0fd25b39f056986e70ca22b52f641ec6d567b4b3d46c87767e93
Threat Level: No (potentially) malicious behavior was detected
The file a4301d0eeb69024199cab4e603a737c1_JaffaCakes118 was found to be clean: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:24
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:24
Reported
2024-06-13 06:27
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4301d0eeb69024199cab4e603a737c1_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9347757945847002386,14516001028977291267,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9347757945847002386,14516001028977291267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9347757945847002386,14516001028977291267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9347757945847002386,14516001028977291267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9347757945847002386,14516001028977291267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9347757945847002386,14516001028977291267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9347757945847002386,14516001028977291267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9347757945847002386,14516001028977291267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9347757945847002386,14516001028977291267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9347757945847002386,14516001028977291267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9347757945847002386,14516001028977291267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9347757945847002386,14516001028977291267,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_916_QHUNJNTDZCHLCMPO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a72ae5dd95cc9d5665f13143488dd0d1 |
| SHA1 | 998184529f7244dcd475e24e82a1eabae9533e45 |
| SHA256 | f756fd9d0fe4e277c636f5a21f6f3f43cc6b061fd960ee36a894b5a14eb20cd3 |
| SHA512 | 5eb9a38ffe75864a1d5992ec6eb2cdb990425ffb4d507c5de111c584f666aa4e96d64c639786db8dcc0bf84e0390e4ba63a98acaacc107cdcffc4e5f9d4e6206 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6b660fe4faedf02958d5d4386bf845ae |
| SHA1 | d07b8160fa1f6e5bff9f989b0b97d52fe584bf5a |
| SHA256 | d2eab3e7cc0fa7f5ea1d1013b273fe3cfe7973800c86d2eb65be46c7eabc6a5f |
| SHA512 | ba7c2b561eced66e724dc56a40f4e834dd9b141bfd3e0fe339b55946a87a83f316cba7f7ef3e98cc93fa3554534105026302719726d9659c0684566c405f0d3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4ff5c6027b15e298085b01d644ee0d01 |
| SHA1 | ccacaff4b271f2dc9f65b0afad7199d16d9eb7fb |
| SHA256 | f237011bef38aa13064e5253babc93de98597bd13882a20c08b820db911f479a |
| SHA512 | 5d83c4fd94c45d4239605043d8a19be903fdfbedb9bdb9b919d28af13847d6dbffcfb75b45e5bde0cc9a698d0e4bb351ee4059e2e500de13aca805ecd4d4c852 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:24
Reported
2024-06-13 06:27
Platform
win7-20240611-en
Max time kernel
122s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421762" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000004d7880180c1b8119e7f43bb966d83f1c11742a1849130a1ce4bc26ae6c5eb8de000000000e8000000002000020000000dec83a9d03401f59f78b8a02a0f657b72acdad2bc9b8508460db039ccb48bceb20000000cbe1d4a1191e7e8153cdac597aed098e36094e4197054fa01ac61849edb2ffe2400000001d470594e04296b1c255eb8d0f533a7d285bf45e6e0bfc37688e315cfb53bf0a0eea38f1e2fe7eb646e220ca3cafa16b13962da2678fe6301f5f5fbd44ade525 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A47367F1-294D-11EF-8A4F-62EADBC3072C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20f23f7d5abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2196 wrote to memory of 1844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 1844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 1844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 1844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4301d0eeb69024199cab4e603a737c1_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabA3A2.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarA461.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f26b5b249e5643e163e5fcc4da006a6b |
| SHA1 | e376d171ba0ba185aaf0be5aa4b1c3c2b1045e8c |
| SHA256 | 968f41bda6035c783ef8296f83fc6210da4744e71dd6d29f319593d4bee3eff8 |
| SHA512 | a59110efac683c4abfab8b826996863ab55eaeaeba2d7c57dde686f1ad7b565f1f6899f5fa7005e1adda8838292622373520dae4c9f4c2d9557016b716be8126 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 172d2dbeb58a041d43461b85e16a6a6a |
| SHA1 | ac4acc6dff71cd06c60c08df4b6910bace985379 |
| SHA256 | dc2e39aa6e562c5825d20d2609a9fe6ecdf1cd2f60c4d78c469a14398fc80e42 |
| SHA512 | c1d934463e0cc1a9fd652412b2a3d949cde7e8fa3993471aca4bab1d1f90581c454a4734d84302e211a099455630bc0bc90d7ca3b1a5d0246305bb38631f9186 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29a7c8101028c5395d33f8440f7beb11 |
| SHA1 | b81a8f72fe1617c4717ce580abf3b018b6b3f770 |
| SHA256 | 7dbef5a67b4dd2d60385a10654d5d0a81057e37d140391f4de6fef390d16cf72 |
| SHA512 | 0193a18645bf810d66ec7cacc669372744fbb02b9e14e2d56287117e00f227673335427bb438943f74316b524ed3a00077fe4cfbb4ffdd617ba402d9322266fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d724815ff58060e6a343bbf38d517295 |
| SHA1 | 529346894b24125a2717e082cee3464bc0cec16a |
| SHA256 | b73828a6528cb3bc7cf7f726ab403de38eae93ed37459ec13a87d13baded8056 |
| SHA512 | 0346d5c2e3574f3f0da1617ebbe0ee0159680736334865da22ac929cf804bda48abe4da2621f1ec3a2725858de4f73ae6a1085f62c89910583188b3de764e5ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab35cb21a6a12020f8e8a6fc66a28e9e |
| SHA1 | 6c046b476a0c02e14060aea8c21b846b56f953bc |
| SHA256 | 4c6903848c3618d992ebf52c382a8e8c710dbabb8d1db57011b02c5512586de4 |
| SHA512 | 638182f821d1e82bc3140f324417f6aa5d3fb0dd143a58f4960d592859ee827c5c90c47bb677e90404c42ac216934e9d163b504f5a084fb471b63acb4ad9c039 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28a0a4961232c6ba80bf162bc8c117d2 |
| SHA1 | ff93cc23af5fc3764f05328d700ffaffc475e786 |
| SHA256 | d3670dc42f21719e65b601647a01be73972d97c274791a2fd1514ca22cc49ee6 |
| SHA512 | 3383764413f7995f62998e7ed845aa15a3d7d72e46d0ca42d6c336427d36994e72eff69c39568fc7007e500a04094fc69077784cf0f1fd0c8c4319a886efc275 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 480e5ec981c0680c042a5ef6437c87c3 |
| SHA1 | 3643788192f8b768c2b503ea9324f3bf1cfdb548 |
| SHA256 | 96fc46458bf91bf67343d6f8571e561b0bc6edea6a7a18f0aa5aa7c511a7c0dd |
| SHA512 | 6ddd5f8c86bd7b803be8642f6b9bf3dbf6342f0d0cf96880cb45f8c796202b4e9485bcb0d17ab54041e843a01e4d0f6f290b837a3c9835db918d264c2ba78844 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9373e5df1452a05dea2f4bf3e75a219 |
| SHA1 | 9fc0ac0b73bafb25166f0378bc18c640f624e49d |
| SHA256 | ec86374bb098467ef5b5687eb6b72d622d2951dddc1a9c5ee14d825e1a77ebed |
| SHA512 | ebc5ecd2ef2e558d4f14c461bf1cb3d7b30a429d7684bd8159ce89e03985626aeb333811f4b5ade366de3440f84d2805570ceb2f7296890d08dfe6184b423efc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 730d00b376f3c30101600fd3236593cd |
| SHA1 | 8e4fc54e988ec93c543f850425bef5d3cb9ea08b |
| SHA256 | 5781d3af0fd248ffb59c5dc34c7c88b5b4d8f779f0fde905eb27e01022af42b0 |
| SHA512 | 349acf324c39dc7bcc0878807f5115e852213e3f8937728d71b62426cb26d771f7432b6adf70a591f7f6a8b15f179962057d5dbe7b82426d7f0ed599bdc3bd42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3271cd05b854dbfd05b67304005721c6 |
| SHA1 | 39525003f58d27d98083a877bdabb2e871cd391a |
| SHA256 | 0d9f154b31742a8c8c5797241b44b51c45d4ca4bb2eabae82614e487d57a2345 |
| SHA512 | 3da0ee1a07c68eaab375a28c83833b061a324125e1d62bb874a8488ea518b260af16403fc060a5fb69628056aeaefe85f31cc835651e65421fa9745229d51ef9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f6d6b4c884f716d53a895dab963556e |
| SHA1 | 238c07322117a43d99bd38847e976c5cf237d5e6 |
| SHA256 | b285c9fe107fee98fafd358ad4de2df6f910f0121f3284e03569fe0a34f3258e |
| SHA512 | b565683925c261c646ebe94794bca1cb217add3f145ffd6f323345250b8cba8d1fdf0941f861370726d6af0201f340dbe8e8d954413fe9ef8d500cfa95a63f00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 462ffccaef8edc9322f61c99317de9cf |
| SHA1 | b3a039caeeaa375a8fcb1324c9ba6b33b8d4f2ae |
| SHA256 | 6784bc789bc67297d6c63eaf5eeefc167d99e1241d89e169fe7a80aade38c8d0 |
| SHA512 | 2d4382e5924404be359807eefcfe8a2635bf604c1027f15b69bf04435cba9574a92cc7d37b8a7fa0953d50e362f8a262f4ced6fcacd964f6aabffb385efa3368 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42e13fe1ec7550a9c70710182b999b5f |
| SHA1 | 2567006760e975e923a20e56cf44db771ecc6b48 |
| SHA256 | 14e1b3767e2b82df7eb894528d8e9f6aab79ed61b582eed4b9fbb3bf27ebcc28 |
| SHA512 | a8a0ab3ff0240fbc24ed3c93fee680e4daf1208054217e9f17389b8eb884e88ec28a42d0d062ee9c8fc23a05cce625c2cc9431e831ff8ef0144531ba581d126a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e8e69d2ea7a093651a2f2f447e7d169 |
| SHA1 | 016ca4220f59532a19123f76c8eca03ce1811747 |
| SHA256 | ecf17da360f7ca789dbe134f880d376a178894bd04675e0bc9c6f56c6ab8decb |
| SHA512 | b1aed92b86dcd167f0cdf1559310add1c58aaf6e14942e7e8e752d4aca2f28470d94968926f695477b6f3c7b71e2e548da33d8102578983aacd590de76bcf195 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08200a196937853856913f657b078bb5 |
| SHA1 | 05f5472f633a870f37d53a6f73dfb34a378d50f6 |
| SHA256 | 2eb974085ac49df2cec5d58557fcfd396f57615780fbc867a4463307d3b44619 |
| SHA512 | 9cd1757f243f5e34fad58a29ed7ba58a00f67dc15b47eb8eff3a3201ff3713e0c114ac96ba3782703ca8b003cd5f712a6d6d2c16e87eb6ca1cecc39aa5ca9b3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6c488b5b6ebb36b94cc807f6e50186d |
| SHA1 | 7f04e6a4a0fa899bb2733a6f8031187ba8153733 |
| SHA256 | fe9ec38e6c8f2de157cc26bbac690f474cb644fffa183f000018d52dcddb6297 |
| SHA512 | eea20a70c42ccdd45ffa1c8249a387b73f872a9c05fadff10240d6377c28a0c76a3bf7cbed2f897665db06fff2eb5ef1dd58c4d273fc4c38f4ad54116f474067 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1425894059be03a2652cebcc3b08e47 |
| SHA1 | 608cdb9d036321d218e80e962a13e90f9e86f67a |
| SHA256 | 34baf2ac3f4787e31b16e75d25644c3ef6d203ca1bc5b006833139a3f71cee76 |
| SHA512 | 9a3aa86867222e696edca6671ed6618b95f0f933a3c908a807db870157fb10dbf178c019f864d79243964047d6f246e79338bf4f6fbeb33fec83299f9b377c5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f21732e5ca52732f1f9ba3a865750b37 |
| SHA1 | be3a42a2c62bb0e040866fa90e4ba84e248ddc44 |
| SHA256 | a95e02dd42a079128f21619132f57c4dde6c5c2c739089fac8a8ae658f23b864 |
| SHA512 | b11a8ae39b5c5014ae7573d997fdefd7ba4b749d9eb0cef42995756ad782c1ae6364c9a9e2bf8750a91ec6bf8b84b31dec111c12df5e9f8fecfe0404fedb77fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf9ef106e69f22c281ceb1c3920cc76a |
| SHA1 | 2387e6150ce296ddc02b0f414fc82b10336718d7 |
| SHA256 | 377acf186b462fc60c5ca105ae054a92f9553b962cfbb0444a2045f1e04af89e |
| SHA512 | a35ecd0ec4935e51061556d37961828baa72b0a7e227b4063bf0623562ae9fa7f6aa5e1c28f87f76814a79762d34c1e8e78c36097774d3003d25b6f38d7cbd5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 377e2d36de81a2060233d5473a1cc4a0 |
| SHA1 | cd7d5688bfe15a14414d9061d38fe0ab48cb506d |
| SHA256 | 6be65981cd63603691ce6db4675f57c9e3e96faf311b1050119a2fd57c14cb9d |
| SHA512 | a902432e444855ae1aab5f7f0adfeafb138bd10e5e70d0ea661d385862d7544bf324a405c8bd9acc7be321e77dfb6bd6992f3e33636a3286485d9168dc8fcc87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2d009c1a862af53e65a266ae22d0289 |
| SHA1 | 3fbbedee6438a14c8606e0b9e994f501f2ba319f |
| SHA256 | c344fd546ab227edddb3b0dd524e5a1d25c6aa4910a4e768d8f90d764ec781cf |
| SHA512 | de796453fa82753edfcb37a3848352debb2236ee9f6460d2c019d008f2acdf575babfe6566299d88f185d8586ffd38732f9c467d3636665658c583d32ffff946 |