Analysis Overview
SHA256
7500036c4db2399d4ff2e82632886786d5f4fed5fc2805fb3d64d887aa25ace7
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a43cb606391a22cf0fde17562288970c_JaffaCakes118. All signatures listed below were attributed to the Internet Explorer processes that rendered the .html sample in the Windows 7 run (behavioral1); the Windows 10 / Edge run (behavioral2) raised none.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:37
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:37
Reported
2024-06-13 06:39
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43cb606391a22cf0fde17562288970c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4780,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5000,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5344,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5424,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5228,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5888,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5884,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5536,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=5020,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5256,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5776,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=5664,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | 404.html | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:37
Reported
2024-06-13 06:39
Platform
win7-20240611-en
Max time kernel
135s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422508" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0bb3e375cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{61B89A51-294F-11EF-9E46-6ACBDECABE1A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000079fc662f9ffc236b57d44ff5b5a2df4112b43dbb7f67fe468befdae1ff12e570000000000e8000000002000020000000d9b8b94a0d94102825926958988ca646c434006907224a64dc8f2f34f23ea6ca2000000065fcaf13cf392eb854aba8cad2f5e7a992ae5b197196e373af7e43457c57d731400000005e42aa6d87fec4da1a4ecd7382be50a244d6f9b3267627cdf4a7b5e0dc0a557b64b85eaaf7b85f9e552a8e2f99c97bf8a8d96d6dd5d8db7a61c82d0270e49707 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1704 wrote to memory of 1932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 1932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 1932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 1932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43cb606391a22cf0fde17562288970c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab7725.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar77F4.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19742f459214c37750194741568dc8e8 |
| SHA1 | 22ecba9a4802f09da8ccb43b9d9293fd4ca69766 |
| SHA256 | c6ad39d16fee21e10aef6b6f85dc80b7f07c365ee56836193dd378c787053975 |
| SHA512 | 10269d2caa471b10164f27f710078c472a9aadd692f0e7aab3ee1c4f1f89fdce0c871c0e9043e56683087194f26d6b0abe4acd5161df0e05defb0eaa1fb98d49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a55a0136d2141f6ae3826c30d2e3524 |
| SHA1 | b08fdac32905d5cd04d891464a895e1f815aed36 |
| SHA256 | 18781dca81d189f2bd3bac85083b78a0dfe184c3060f65e5fbf38205415dc01b |
| SHA512 | e3eba6fc7cf72ed7b245987bfbdee6baa24768d2e64a0e19af086dfac9c91c9869b499ed7c954a40f49c44c227d8a2228fd5d9593f8f7c78768b4c1c62c01b03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 632d3e8c88f61a8aa5d90086491f423c |
| SHA1 | 8085511a9904d16212ec1eb0a8c716b38ab6f82e |
| SHA256 | 541fb2f06a8611b359229d5cec721800ef5276d9eabd7e0bb6e55b8acc8eff9a |
| SHA512 | a2ac96673796834eb99333c32c89f7aecbb5b2eb1fbe50655af1a5be761bf097da717336da22f6a9f7fc4a8bb0fb0cb749f0bcd8dc7daa2de7742c31e0c4c590 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ee8343e2d1a6ac06d19cb3a04ab8ce9 |
| SHA1 | 619c6d5e6928945fdad0aee2d77068871c6eff48 |
| SHA256 | 4310f38e7c64204ac769293f9fbac9a51dab62ed857b0563d29f7203e16fd4ee |
| SHA512 | 3d8b64bbe6b357b2fdee33bf0acdf8dc3a0a6a23305e3a4dcd8a8dbea616afb69be1f0dcde64fd3f4ad538a71375d3b1974ddab2e75dfedce07e457728f89a69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5cd76ab10309f92571e634c58646d69a |
| SHA1 | fe83f203e4c0fb470a1735c0c774c7e1e11cc77a |
| SHA256 | 8e013d142966c50175902ff81eee03d57130ebc7c954d3702962af4b09f0d352 |
| SHA512 | ad9eb7c64c312fc3ed03f87aeadbd6dd3155976c085d7ae95362d5df9b5daf7b6fcc0f697382e60fb46fb8148ac0407e4295e5bd0559ff37a3a17526f08edb79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03bfab4a9f04c3972afcf96f183f62bc |
| SHA1 | 1ea162a4a8d19d03ec9ebbd7d23b30741a17d3aa |
| SHA256 | ca52280291e0a978a8820beb14ca51056e0a0b5223bcc68c15dafbe19ee522f4 |
| SHA512 | 0b7c3da152e91c996ea423e0a8106f5fcbd820c6ca38c02a332e812d82c20de3d12070a8098ab2eda1c2ff6dff107f98c79ff58e71b90d7a7832dbebca604496 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f5015ebec12b69f41020051f30b72f5 |
| SHA1 | e4356aaac35a7981c8bde0c73b5d180a6465004c |
| SHA256 | eb29adea2c5724757804a9b1df7f682c0eae5616bbb3b358578841c917f1cda8 |
| SHA512 | 4740504f7ed5d51464dae8a588a6b7d2a77a9555a3032043697cbbc838b668e54cc96fd5c4988071f83cbab4d5c67c2ff006131e7b8493aafa396937106292e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9144d3eb2c62fc117d894ea273265be |
| SHA1 | 0f50e2c19ac080a00f5cff279c935a354a38716b |
| SHA256 | 9ad52eaae517845f4338e0d2878c53ec5aa0b9d786c62914a2c520fe9b650be9 |
| SHA512 | 89355e30ab57f8932f554b9abaf4960156d1b2fd70137c13f15ed913c1620bf4df9ac50fcaae349b3ed10203d9a0da3d49fbfdcf495da69f22cb3cc566dfab7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4369e90245cc67705c3d663472daed5 |
| SHA1 | ebff434e7c63bb3b031c436188f8034995991812 |
| SHA256 | 106d408bfba6a8a4afa508fc4d9da411636a0a66fd39782f012f6ad53332a68a |
| SHA512 | a47100b5b5dd1e45f5c718562269199213cb1b0e1695ccdbbbd596524d4febf78f0727e96856e253f1ce2957098a99fc26dfc9a9769e74cce0ff0993c43b8f6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d02657cf828f71e78329d8b31df43bf4 |
| SHA1 | 9b1f4645e7f30d273a9f45e56edcf2c9a0f9ecb6 |
| SHA256 | 0c3cf015fbd83ee729a273751e207b1892a2cf17121d5298caf0014720ae6e84 |
| SHA512 | a71cf3240ae0cd71ff2aee3e883e4008391a74e1d85769be7362bca1020c5f00597d4082a32e6f781420963cb2c8c9c67169ec105f36788d1c854eee9177d681 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01da79229dbcfc6725bfe3f18935af2c |
| SHA1 | 57d20fbef288236235db1065f8006d2b9db05fb0 |
| SHA256 | f80391edaf2bf3dd14bfb4ccf0a82b851496c471903eab9f2b0a79efc3446c9f |
| SHA512 | 4ea90ad30d5415ca34b5cffe2339783ddee638dc6517e2fafb5a91e9f4bd8faed305951fc1b3e7b9affb0d26f025c9743f4ebdd3aebdd9a052e64242f833403e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7acb3a6dc5e6b9e0ddb027a362083e75 |
| SHA1 | ce83736cb9847643e55b6f5b0be094e0015fa46a |
| SHA256 | 49f19258edb1238f212353dede0cf8887aa8aacca545f9e5169c2947d34c1528 |
| SHA512 | 5bd90202dad90befe57f3c9d06049dc9649e9c6bba0447b95c35a7259a1ac4ff4cd0c6750aeb997dc01329faa098a6e4f1a2290579851d13be2849bd501b95ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0587bad50d4d6453abd5326af1623bc |
| SHA1 | 93cde3936879e90915031391018bcfd3e7b93441 |
| SHA256 | 33a4c3b725c6464cc6da5970328c5c1159dfbef3f2a9c594872b3b30fdfb3ad8 |
| SHA512 | dd4a8b69fc5012c949af98280ef7afb9c8394e6deaa4c9a073ff200e32b57dc3cf7dba5d4278ee295334c9d6413b740b7fc10cc9bb888cd6d05d6bb6bb34b917 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5803233e785df73c9ae68d7b8f1ff0ce |
| SHA1 | c38c9809427104afe409808efddf0168929e93c2 |
| SHA256 | 98ddf8fad6510d4aec71188aa81d1960033734bad8427b49ae31f4946dc54eb6 |
| SHA512 | a02262ed8c7196d30c8c7366a27025953727e703b8cadda1763a6ddbf822ac505bfacf45b6d5bc63b558a8677cac66337f13c0fff0b6cdea0c18bb1f2f635e52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3180e089dbc462fbc8f0e335bfbf1ad3 |
| SHA1 | 93df93fb9b952ecd6704fa08f2b98ea9f211ce0f |
| SHA256 | 8636e948792458af698336d39810952d9f5fdddc02f8de92ebd89422e67c85b1 |
| SHA512 | f97baf6378ffb04aeacf5f7b6b31e69230961ca93fb67a0acde92edde18b85cd3662fb5c59d7a8781ba037aabd9d6b977c8af15a29ec50174ec4b6493a1830b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0768eda185012eb20c405691049a47f |
| SHA1 | e885873311037f228230e26c418f9d09c99179b7 |
| SHA256 | b4fec12eb3e3162001dbaf8f1ce0137856e20d599736c0a4dde2d8997c27422f |
| SHA512 | a17ff940edc68cee600fcae66a605345fe1c3feb22aa94f2af824d11265dea75c5364028b535128a7c89065047e65d7af7f24aa741bd983f95a0abcfb11f83b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d26b00b7d85189c69193241f04485ca3 |
| SHA1 | 0841368d649d14ee9d61b18d757030b444c3cffc |
| SHA256 | bc202474c0d44f7e3f6ffa042ae5359e8f0bc6ecebbe51406a1ae142a2da2ab9 |
| SHA512 | c647a7375b02926c3d3feb52ec9e169257a62ba02a222cdaec01583b2a45dd8a8ec99e4a5790296fbb1733087002a2c9971f609ccde68fd298c8ebc2e38b1ff5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bfe6e71838681832877b54fb9eb15560 |
| SHA1 | 8abcc0feea056759f3fb7b305067957455e97ed6 |
| SHA256 | 6e40111e853a6465a584f92be74441be1bdc2ccb7e426832d5154984f50abe68 |
| SHA512 | 692a12e5bb19765a26bfbfd94dfe372fc7eaa0c658e9e2901c45d7469d30619820a7eca33f659e610fafd2e8779a0fb2522906904e8b83e1c9b24f87dd53c33b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67f4efaa5504dcc4f639bf192c3f2f4f |
| SHA1 | f16dca15ac9aa3756d58fd4f05f8e1737760ae72 |
| SHA256 | 5abc51a8e09120a65a9a36b30c204194ac09b95a29741f9ca176006efd07ebef |
| SHA512 | 390558ae48e5183c7b66f7b01a9ca27a1e0e27f2779493eee2e951d1241fd96f88e4ef44be52b0207fd22bca18edf76a9960ef257045147c7d318bcbeed00c94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6168e9d1ab8c6c64ec8702e0177344aa |
| SHA1 | 8b1fd5d5683c17bae0730be0affcc95b1f4aca47 |
| SHA256 | 4bd444c22dd31c052e7a10dde46a6af2abd994216698e9a001a99375f5b00a72 |
| SHA512 | 8124adf1adb9c4b2dbca48489b1c259d069d9ed96d755ccad97244e866e2d6b36c4a9d6e03550bcd685e17d4b3cfb8138c471353f04cedd96b7bb84bab36a6c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71540a34b638ed88a1f5d250993ac4aa |
| SHA1 | 63180d21362e4f9de55961d71f27c93dbb6ec265 |
| SHA256 | 1ee132a8d9d767aa6a5709aa9e9532572d254f4458b6e72b4186aadbc434324b |
| SHA512 | 5c628a93971b709b6fc59b3fdcaf38753e2f50b3bb69dfcafd86788c2c4350052a069ab72647c2c38ad441d71f55b36f4dd71043a8faeebdf670396541e9ddf5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | acb15b8398db0e26aeb1e6e682037131 |
| SHA1 | c5343a87b56a7041b4c285e54ae543c6ffea14a8 |
| SHA256 | 1a0db58da4d4acbc688749995c0f51729e4d7071ecc2650b8e45edcc4eba8bf4 |
| SHA512 | 13d88d64335bf84e4cb907e49d1d1689dc1c1bdee5bf90cfe087ec7d7b14d70cf6716550c06b74060dcae8f9721da5ffd417e8fa53d2c9313d820d9b8d47cbe1 |