Analysis Overview
SHA256
2f79ea30bcbe58da215d9bda9ceea6d5603ce5efefdf003a56f629e0ae7ae441
Threat Level: No (potentially) malicious behavior was detected
For the file a4736320b4ecc01edd5cde8f6cc605d8_JaffaCakes118 (an .html document, per the command lines below), no (potentially) malicious behavior was detected. The signatures listed in the summary are all attributed to the Internet Explorer processes that rendered the document in the win7 run (iexplore.exe PID 2228 writing to its own child IEXPLORE.EXE, started with SCODEF:2228), which is the browser's normal frame/content process handling rather than evidence of a payload; the one domain outside the Microsoft/Bing/Google set, www.ava-group.us (presumably the page's origin), appears only in DNS lookups, with no recorded TCP connection to it in either run.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:35
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:35
Reported
2024-06-13 07:37
Platform
win10v2004-20240611-en
Max time kernel
132s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4736320b4ecc01edd5cde8f6cc605d8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4080,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=1040,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=4856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5256,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5320,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5356,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5872,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5940,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6200,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6228,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=3880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=3628,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6452,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5424,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6448,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=5892 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 7.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| NL | 23.62.61.104:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 104.61.62.23.in-addr.arpa | udp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 99.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| NL | 23.62.61.106:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 106.61.62.23.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:35
Reported
2024-06-13 07:37
Platform
win7-20240611-en
Max time kernel
118s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424425982" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{77D28691-2957-11EF-AC4C-424EC277AA72} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000003bd09c115a1592c77f5f5bf2e3ed9be6d8af71d6cb841a1c691322a6f57e9621000000000e80000000020000200000001daa93819ee2fda12bda360b1982a0f87420d849e32915350f57da2fbc2fec8f20000000ba4d443017089f714facbfc9ea4e9ec4545291efaf34d01fed160e4f4b15a74e400000003f70364122c1a2d062ff84974dcafa041a88296f416f3e987dec791e1169102d752fac0bd399b0c83fac59de76aacba65dd618e9273d20a19be1fc34a086ab00 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90a5de4c64bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2228 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2228 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2228 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2228 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4736320b4ecc01edd5cde8f6cc605d8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.ava-group.us | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab8336.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar83C6.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fa1753dff8f888e1e7d72de7a5991ff |
| SHA1 | 0913fb80c30db06025f6d5e82fc0df83b7230184 |
| SHA256 | 26ea8e3362d7b95685c1aa2b19072a74c5d7030ee75647edad7ec9ed4857b559 |
| SHA512 | 77182f91ec1c2003e101ec3ed97bc03e58a1d4ec0963b6854c9340320a1c2d6caa187234ca908a2d8a9e2a4f3f38bc79419824b653681e4eed5231753a6cef81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e67041880d69a32d385015a4eb31f6e |
| SHA1 | 960ac8685022c1a3cf2e904da7412c74b15278f5 |
| SHA256 | 3412228b066e1783b61d760997966f9b39d685bc44cfab1a696e74fa150b066d |
| SHA512 | 498eece4d7fead4b75d41ab126a691b8575266c35849e5e594ca2c054dc645d24404e03cfb09678bda3daa44b7b2fb87595c25c2a11223ed7bb8d61c9fc7f705 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8cf12c009da9b93c7d7028c610e531f |
| SHA1 | 0fae62438236968c1216bb0edafaf97667f1393d |
| SHA256 | 28d6582ddd88f632e86b7336f728099abf582c4867c63cf85b404dc1287c70bc |
| SHA512 | 9782eae639476a0ffb09f13195805594120bfb253fc5e0d37005597c11f740baba1d40c1d06d9970904a29a63a04b2f7c1eb7b06d11f74c634c18f3663cffec9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b302382d372e51aac1cfa4fbab99f69 |
| SHA1 | 716544376460fa3582687589df20f4031495a88a |
| SHA256 | 1a820d4ab7a0ad6ac858e4291cef7d862eea6d942237b0ac8334d36430f55241 |
| SHA512 | 50e6677e3a9460cda2ca2a799ee4623273c815993c478a68247bdb77a8fdcd4fe1f75c2716dc92aa637aed8b85f0bd491016366e9ffbd64834ab32a26c9c9f21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ca022af91c52513283fb23f61dc6752 |
| SHA1 | 4072611474cf2f4c024eb8599c3585d17de171f5 |
| SHA256 | 79f9486048d0163ff97e5f2f71154814d1af6b3410a6191e05145dc7e75bf01e |
| SHA512 | 94b5814ea9426476e69cb7c2fea27e0e7196275e2c3978fd1fc68336a70d8ec7b7c3e4e8df8afd5de152609be8046c4c1ceb93a5aa79c9b57e57403d7f671450 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26fb0e2f498c2cca5092f2555162517c |
| SHA1 | 6176990e4dfe2da18dd1653e3f737b044f707a7c |
| SHA256 | a18ebc0fb1c0caba78c794d8acad1e669c7fd264f116b8f2ae5395846d74be4a |
| SHA512 | 3324a9c74aa6f6099feca6277b64c3c5ee1259ce61d3bdef0f52584418b8b197bb7b6908ba5085ff56b347a90259a5c7b30cc13fad781c7b163c7d9b9ce68f54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ed27c98c3b55387e40970e4954059d6 |
| SHA1 | 3ab0c9476c55ba6bb6c9c125a2af789c19fa2390 |
| SHA256 | cb6b6e267ad1da4c6845bcc7ab91e8a21ec518fff5baf67ce43c98ce1c5ec556 |
| SHA512 | e191f48a32dae21495c17c377fc5c05be4b5d45bd8efb35b4a8c4df63bedae43a625367267a017f667f7ab89a73a90f73ce5bfab5417585b6f6f89b23adef1ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b9e7b88b896a8ec820e3d5e14cd41bf |
| SHA1 | 5ef8891705471d7937caf1017b2e88d846cdae89 |
| SHA256 | 5221816be7faf8a43ccabf2907b807a160040c406bbbbcc073f51aea6a60b211 |
| SHA512 | a338b219ce84cbc409edbe98ce0569066dc58ad7badeeaa21ea35ddeae1c3b68319941083b07460f8234f75300aa70daf80f03fc31b2ec172d75241c00513df4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 501de87d063c5f531ea6ce96fae024fc |
| SHA1 | f32342df507917a37a7edb259b59f92891073b7b |
| SHA256 | b8be739c928567ba22ec7db2b3402665f0616ad027a569d65ee3b3e70cdd8b50 |
| SHA512 | 752b9857f9c12bd64fbf0aacbc516c3985cb446aceb3365e1252948f8b63ffa0441a8c384e1843d87a6e10ae4eca171c8285df883d1e36fcd0be781f5779b008 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9df5656153e27545af89d6c380a3b6a7 |
| SHA1 | a5c22581b7986fd3f6e70101da4f1105d79b9e1f |
| SHA256 | b080e465081086d54fcc76c4a5132c70795de2e81b1250eb123eed027f3d0c16 |
| SHA512 | ef33ed7357c128df5d8a3c2927d0b248f97fe5a3171e3d3a9e28c943c09c5d9268852a69bef8ac2383d6e4c242edffffdf7805ba5bffa0d0a6636cd13973d604 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7c2d7ff1051efbe018b1ce5c6e3f0cb |
| SHA1 | cc2cb45e234c051e033d056de6f3c88428c91eaa |
| SHA256 | 7bf1fa6d14efbd70bd2aade59607818fef7bcdf9391acfe99c5ae6104f4f7377 |
| SHA512 | c14a36aed88a69a01ead22a911e93dc6340e17b190dc56ab881f4c57778021730c6af1e6e5c0692399b3128ebfcc0457023d7479fbf4529db5139b2fac16dc29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02862e2566be0639693100227cbf0b84 |
| SHA1 | 4151716e194bf9f799108a1cdc88dda7218f078f |
| SHA256 | 509576c79599208e05cfebc03620eb61e7ab7a21678a0fd2215679e1b64974fe |
| SHA512 | cebb23eb0b91a3039bf1b48ac0c8cde060ee3ce7905a260de20061a3d13ec0abaa8bca6b492b8f0d53b63143f3030ef27b1f58a27fe652f8f0b98d74ba5cd735 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e71f23f86eececc77a2987cc2cdb2cb5 |
| SHA1 | 2298debc7156a8a6c7bd46c931eddcac5b5ef9bd |
| SHA256 | 394a0db1dc00c4b2e552d46ca4df0f0e1d0f12e252172f3992d98db34004810c |
| SHA512 | b44e3fa268ba5a017930b2995339c48cd37208b7ae0c6c05cf693fe5b56c810f2d5566457004d2460ba87ff79d3f11e1682f8dcc36479c596cafa657aeeb42cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c3372c5d3eec4ddde5ad0962b805edd |
| SHA1 | d59ab9c8458bf272207c6705eff2bd4272eb35e2 |
| SHA256 | 90c6e79e8dbfdb92f2af78ba8e729416120d8c5a57297d53369b3890a9d91161 |
| SHA512 | c22737992138fe3e5e44ad4a0d187992c54460d8cb15eec765e5f9079cb60eb57734224c2da7966d212826d7bda295997a084552312f881a64aa703d7818f6eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69903f5b7caadcfe37d734488ab921aa |
| SHA1 | ff87f56f84a55cd06739efe736ec8dfa04364f92 |
| SHA256 | ccc631acdac6319c06c06ba3636235b6c5f27e925b967171544e86fd2ce3c1e6 |
| SHA512 | 7dc70535ef72ad863c3b699e24f7becb45a0128b5c80b0b562a212be39633c78e1adbeb3561be775aa8efab1464c967dd5e0feffde988f42f728278785ab376b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55a3298336eaa6feaf38a54a5da6a340 |
| SHA1 | 4f122611a9d866c6d45e674b302a3816da70df7e |
| SHA256 | f6134743859c6ee6553af9d4de015c6d1649b94d8b73475eaa66cad1f0828de6 |
| SHA512 | 91811f5b5e6c7233966a07970582b18689f2bfb5d51f682f6fe29487cf28f8e54ec1c6cee7863e71976467a00e63db3da3fef655b8c62afba6a51887130adf6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b27718d0b3709282b92204a5d67b830 |
| SHA1 | 4f16fdfd76ecd18be083f5fbaedfb1791bfb7622 |
| SHA256 | 39a55cc68b47af507341687ce00be26b73ae869a5c19214407c80f99bf7ed06d |
| SHA512 | 3470107be0743fe11353e27cd529d3e9e496c3743f368e01fa381a24effe4526298ec1dd8cb0379c1ad1932b756a67dde7b142750de2c44444f40aef18c6aa1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3132529d5a56bde53e6462af5628a29 |
| SHA1 | 78bd84af129b72845b874e20d4fd2b913117903e |
| SHA256 | 6d6dd40f2566691901b4b076d6d09d9ca55805df7bc0d46d0bfbfdf7e1b25e98 |
| SHA512 | 2326fd4b85b9a78add9e8f0c9950df10f64ab2b60408fbd098b6783aa5acf0d505173c01dfecb69cf8ae39240b001605c80736abb666a48e29b3ea36ba58a1bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9eee50694db61272a3324e886dd0cbcb |
| SHA1 | 1a549218f7d8491091fa9c155e632d21db37098a |
| SHA256 | 91e6fed1abfe8bbd9a68214b42a3d94951f71b1238b86eed2066d715b97dc8d0 |
| SHA512 | fa24d2c460357f649f11db195201d0d5fe474ed73ed1040ee04957e5837059da0d2d681e7a4d5f45cde32ad497aad62146968cc7cf71a84cc146ed50935b3c3c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca5a6935753ff14fc587e1f340a0d71d |
| SHA1 | 3b023c9c8d7faeb3ccfa2ac2b10deda4404ae203 |
| SHA256 | ab9c75bfcc53da77910e39a1c01226f9b2af2f1a5fd50a03a289a6a4e5f028a9 |
| SHA512 | 56589094bf61da3245893f3729152c9b5e58d15259d575bccc69109c47a27a93d3420bacaf622fafee7f1a330d230b422be126e92031d596a50fe0a2000c215a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05e5f8bd06108d6f10b411d79de21560 |
| SHA1 | e2d85eb03e3c67c68035da9a517ff7615f72aece |
| SHA256 | 8d1d7ac3f2f8782b12f4b110c32939ad564cb5571be9ca7853337d434125f329 |
| SHA512 | daeb51f3078569f8a5afb6ed4e99ecf787f69c7e4b924e5d18a0bb3f30122aae39fc98ef835c72240ddfea05ba6591445eaff4ad15eec05b7594ccc79525d5f4 |