Analysis Overview
SHA256
0012b29e990639b15b9e10ffc681912bee2d6264b39ba35498cc1d9073b86292
Threat Level: No (potentially) malicious behavior was detected
The file a476ee58e025e328c9f94b5dbbe10cac_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:39
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:39
Reported
2024-06-13 07:41
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
127s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a476ee58e025e328c9f94b5dbbe10cac_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd7e046f8,0x7fffd7e04708,0x7fffd7e04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5599050531566845959,3522699297852089378,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,5599050531566845959,3522699297852089378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,5599050531566845959,3522699297852089378,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5599050531566845959,3522699297852089378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5599050531566845959,3522699297852089378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5599050531566845959,3522699297852089378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5599050531566845959,3522699297852089378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5599050531566845959,3522699297852089378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5599050531566845959,3522699297852089378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5599050531566845959,3522699297852089378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5599050531566845959,3522699297852089378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5599050531566845959,3522699297852089378,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1384 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| N/A | 224.0.0.251:5353 |  | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_1856_CBFLAPJHSUPBUEIE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b2e9fd1438bcddb0ff942bbfbf76f75f |
| SHA1 | a4dd32ae4efbf49c56782b34b907a2b3c196ef99 |
| SHA256 | 1010775731461af0b29bee18cf70a33be5054c9ad97d96c7e7caf985095ec2a1 |
| SHA512 | 5568ef55a581302d84d52b192c8463fbb94deee7b41fffa67507d9c5a4f47e151b914733cfedd22780e472eea76c6753fe06f26f5a91253c398ac1f89e6ec4ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e5fc444e55045468297337bb7a0a3653 |
| SHA1 | fab1a8a8596d25d4ba0c331c878fc687e64df1df |
| SHA256 | bd1cd3974cea04de2f2dfe6d1e449e603247fe3d1b15d9c6753f76d1321171da |
| SHA512 | 4da8bdbee48dadef2baa0d23ce011204a411fbf5a623256c8c731af3f6e051572888974702bf6e933d812a0ddf96e97cc8483c2915872e10870efc5f9bb5105e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1983d095b8fa0017567e1ebdf5230652 |
| SHA1 | df1ef2c54589fbfac8bbe8ea3fe270dcf0122033 |
| SHA256 | ff6cf3a0b8cc9b0976ad479bda340d923dcdd196983a7503f99b403ce5bb3529 |
| SHA512 | 1c1c08fd5dbba1a981abe4c3e14ffd14fc65676bdeb27788f8748f0732e163cdd8f2ea5398372b788d8860b5e13dfc468c99cc2266d771b5a6fe0d4ce6a15f2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:39
Reported
2024-06-13 07:41
Platform
win7-20240221-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50d520e364bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ce0696e3445af645876514c44a278d95000000000200000000001066000000010000200000001872c6a5f31a6e270260a43eca742a8c209a279a08984ed0f9426abfdab19639000000000e800000000200002000000064d661ef788e111de74d76006e697523154580a5932a77f85cc43a9e3e07cc5c90000000d074e97084f08408f4d35767b421a70c89b81020448e6b2e44be809752d249d736d1282358eba5218d79a7f851748a97b4cd0d6f575b2d5cf366ede81974a1cca39ea9731f5cb52e25bced39987b931d326fe51cf9e633b2d6eb8859550d89f7c7713a331d083fd507de66d6d6331d5acb99aff18930127c667e41dbdef41cd4ba97331e1bb3686229c263ed08c642ca400000009f7caa11b8c55a602e0afe81a0a601acf5f37e9cb7e34b8b01c7fd7c6021ced7a78f3f94b99bef00a09af933aeb058487cf3cfc4c4925fbd45ca077b0711ee90 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ce0696e3445af645876514c44a278d9500000000020000000000106600000001000020000000e45dbbf1daa3168c731376fdc913eadd08faaacb199fa715ec91c7bc46497ff2000000000e80000000020000200000005f01c74bea7205e403e92e4205432fd341140ade639e3f5f065abe26c1798ef12000000005e6aba7574ba75391d73e149c94c3510cf31c7854662cc9314c5e38cd1e792340000000b57a8ce4a6a6a0c3db8dce224b39bcf5045ba5fa5aa45271935b10a4f969fa524b523fd5f3a4c1396bc7235bb89b63f9ab754fb0e6cb62cf694ec8ea7097a30b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426226" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0A922EE1-2958-11EF-8FBA-CEEE273A2359} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1876 wrote to memory of 2912 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2912 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2912 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2912 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a476ee58e025e328c9f94b5dbbe10cac_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab44CE.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab459D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar45B2.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f02fa15442efd9a8f7130252728fa74f |
| SHA1 | 3e12d26d5999d5168b029d1653cb1cc6c34ea12c |
| SHA256 | 5fa2af63dabc19da25236076299b45faf27d9ac7e5619057ca6e134ea1085d2b |
| SHA512 | d5bd5473a880e2d7b57c5f93bc38824583271b9b2da431c7d5706d7e5aa3a119c39b960a34b32a171f0218afedf60a3875d132d4514c55d88a65092e7900e510 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab77d39a74937ca4752763761acf3c9b |
| SHA1 | 55a5050a66667302bdff810304402ff15dd98051 |
| SHA256 | 58d5c71f2bef5b243f2a96d5ddc4974dd36f4751a84baf09a5894354e05ad062 |
| SHA512 | 87e5aa7e2b14269f9bdb1fd9551c882abab43b18625317172db75b42a0330a2a2b1b2f492f3712b528d763471064ec2fcddec5b2e61acaa2c55fc3712de32f8b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e412f31e3c5414f7b51e2b83a44ec4a |
| SHA1 | 2d1a66f9e0e8d8491c61cec80e5b8b385fa93d1b |
| SHA256 | 1bcb895b7b8912fe7c5401a4dc5c46903a95d701678d1c39a076a3b499229274 |
| SHA512 | 312e6e645955babe4015254949b017f68fbb86b094774381efe2686edd68c7d16b053ba4df7f3ef375ec5e97c7d04d0c1fd3eac50f9979dcd10c3fb7f9fec09e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f88ca94ed834eab6186f296a30828720 |
| SHA1 | 38ac922d6042fa00eeb6bbbca4e26bfce3928dcf |
| SHA256 | 09df936bf1f6509d2ed026a2eddc65ef2ae9eed0086abcb25119ec148d536df0 |
| SHA512 | f50f89e73f6bcdcf63a8a4831b66fd574680e7fbc8055bd3a589e365e200f18ae48084576d1ff845c6d13c0e34993551f05cff46d7f43feff8b712b5eb0ad713 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8163c23f406039858184017c80a6d1a6 |
| SHA1 | fe0264a9acd1e940fc0e4c89ef0f9d5edda9c16e |
| SHA256 | 3d323b75c86f10ae4f480fa4b19504cde6b453a934a4f1893f4ba441c2595c0e |
| SHA512 | 3421da1f345a29e3b5a8cadd27edce20328697fc932e26d9e0f1c73c3fe5df33443a7742726090827338ef2430397cb409e264d09a213a75a95ffcf487ab6b2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7aac35448c8479ccbbf2331b7f972ad |
| SHA1 | 2b9f46966cd3865aa89754a6d25bb7d3f5b909e8 |
| SHA256 | 2cd13f4d4750b4e2e755982333a5408a9162312f6275e08d8c2b22ffab2c5b14 |
| SHA512 | c1b4551ede48ed387949f4a06d91936b38821c4e2e8e0ec938d933d7e2ebc369cfde16701367400a3f4b96dcd86d124a8b809526d1f149083948c488c7991ed1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8bc9013ffbf34355652ae524c9ef92d |
| SHA1 | 6c1d2bcd260b2a84426b5cd968905e801cd9702f |
| SHA256 | 162eab846e4cf22d44cbf0d16e0fefb5bc392e0723c573200c524ac38ed0c2a3 |
| SHA512 | b6192ba587dd653d9eb4274b3c452a7eb9f5da7f7a69d00122463b6e70c506695a812845a42c4caa98ad826593584138d08b1e14cee92586459abbdb5ad840a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b9e372d948d017145efa176655b6a9a |
| SHA1 | 7005a85549845d0ab07b2011cc65f0affe1b7465 |
| SHA256 | 00b943067bda30427947868209acba7d6548705cef1d06535c5277dab2d59da3 |
| SHA512 | ae045af2b67aae56aed0360e6a17a63bf19ef2995ff0813ae9b19850bf6c1fd5241645196f5570bad1ed1f981db8af38561ce2fe2e06c6a6dda3a2040baedd26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf91cf260bfc0cc34d79429cbc43e9af |
| SHA1 | 6894f0bd2067b9fa2a94ae2cc456afd0eb672ed7 |
| SHA256 | 07151a603705f42a3323e87fd1c9549d656d28c1e97f0b9b23dddb919229fee7 |
| SHA512 | 9252bee0bb1e422a99f8db21e658c5fc780f6f8a0289d25f4d7bce0381d332d7ba1d25af43f5babf29b17c4aea37ee9f20ce9ef8c5ddee257c556c731ed7b96d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8007814dc62176182f206a967182e72a |
| SHA1 | 4b0bfe6609fb9644fa032223f03d1a0a5f41d2cf |
| SHA256 | 584dedd9bb34805829111d344d56c0990b14cd396654fbc5c33ede1d5c991c6c |
| SHA512 | f59dfecbdae46585327d08beda1163f05acd48bf0d6efbd6f17e2a454e4d338030db48fff68ad3e76c73e86c1e1d64f052996ed46a60ea6a83168d78c8995c26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c07e6933badd174a64a2ad0e7c719be5 |
| SHA1 | a5b7742043c4e900fe22b1ea904ca22a8bc01550 |
| SHA256 | 47645d1ca1a665c7f42cbc0bd890b623fd0af6223b528ff36bbf1bc80f364b3c |
| SHA512 | 0c30026db19c1933a0529917d02a91bf8e6567cd34630e806264dee596e2fe04596de061a5ecdb933b7a193199ea6be39d824812dacd1c8c96334da458e05817 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec9e5c7d6370aa2524a888eb58f44665 |
| SHA1 | 1ba8a330908c4c6e5bfc36809c7c68171e6ef565 |
| SHA256 | d3160bfa4307b26fb0594707ad4c3fa7cfa56102e4e84ca7e8446db144258a7a |
| SHA512 | 69e640ff6630b137efe027bb3e764ca6a95c71a9ba84da97a4c0c62f43432ce80043ecd32602e9bf9b82f2d2ccec7994cfe7978810caacf05191624d54d43be6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf26522ee8db2beea0f99e9e712908b5 |
| SHA1 | 33b6c7cde91525a074003e1b865f238ff230f6b1 |
| SHA256 | 32a06d2bb30f0465bdbc1599ef48a0de8f7d4a21e9d870c05887360cfd56a5d8 |
| SHA512 | 56bedfce08fabf7fd05438954f74a43e647e6bbf42594cafed24bb330703bd1692d76e0707a9d685981cec41cd5d5365f65a424d2955a757edb97887f626d589 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94d902ab551e828f7e16e2c127fecd1b |
| SHA1 | 637127ef1cb979b3d349c4766db15c6e7815edf3 |
| SHA256 | f9bbb8e3cc0418232bcc74cb67618fbdaa88e51a5930c0ee747e5c346fe35a65 |
| SHA512 | bf423a36efad6c864affd2afcdd8e0119691616fac866173fb8deeaec02d68319a3724dfea8bf97b0421fe3b8b124989ec9b928f69f7e350c502b3e5bdad6821 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f114721a6c49553e9e7410b51126f827 |
| SHA1 | f89da407f4af216452a8d44ffcaef936e552f5e3 |
| SHA256 | e668440d889559a82223618e3a6aad9c7c8cc2af08fb0c2340c8322f587d36a6 |
| SHA512 | e432dc8d83e7679509ddc5c1bd33043c61c8a8f91ead9c1330d4327f20a069c1cb3585263d032fa2cbc133b4de0f1feebab3b440ae0b748096e3282b0e5fb531 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b4b1b28f7e754a53218b9a4124dd4ea |
| SHA1 | b609ccebdb67bd2539d83b992fad8c9b7e6f16b5 |
| SHA256 | 1d8069ae7044fc5b074ad2b4dbf221a02ae6b86bc7dcbeed24bd3cef325153a2 |
| SHA512 | 266b6126c9fd53a96115b96e419e58c18170de6cf90293b1fe91df9ae75ecaf03d2a1059df1ac5e0d16a6a8098cb92427db671f59384754eb260512b2545d0c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eca8825e014a404b3315313164362509 |
| SHA1 | 4e4c49fa895a34e83fe9d66a8b2b2e150eaddd14 |
| SHA256 | 7ad93290057800434418a7a2f9d5e8c6f090a6c964e698e460143f133da48fd4 |
| SHA512 | eac2e0f10f65719e15bb009819c60d3c0ceec7f7e1cc185cb8efce217e9af03379b102e13df3b2424c2b35f4fd30ce0d52bae7f9fbcfe68ee6d4a818df3e1288 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1eb91853995d94f732e3f5abe07b4a69 |
| SHA1 | 2e4fa61762ff2a2da0c96830f508ee7de50256e1 |
| SHA256 | 3b16ed817fc623209193ebea6ae1c9a0e8cfff15f64af10e37a586d79d283842 |
| SHA512 | a0700aa2b7722fcafb286111b8cf5ba293a03c01706545f8dc93701b0b883185e1d223745188c48c7e622a616449e8bacab36ee5eac004438c1a0093aa0665db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d48cecc2bd90f1a9efebe942b067579 |
| SHA1 | 5c7426c3369573f77c15c93cc7438dddac017f7b |
| SHA256 | 39b6908c83576276b16e4ecd76feba892c76f86e9c0bf85148697c7a03301651 |
| SHA512 | 728ef524a0bdd4d43b33add8deb78305ef6d651228dc8025d06f9ed2e5a2c5615df2dbdcec2a648f52c5948103551f40505f6404901cc6764a045352c8973268 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff2288adc5c98175a9aee5d02d9c6ca0 |
| SHA1 | 5914a586fe82adee3fc253cb35006d24fcda5af5 |
| SHA256 | eeeb219c81f2f825230d7c7091e676c2b3cc96c9671bb754c67ce78429cfb72c |
| SHA512 | a35508d60c88c56f4608375feddc95eeac0295ec6677b4115e8f04beeaef2f6f41b713f5cad4b9db87cb5b33345a0f2e1cd4598dd4939ac28e67528215ac83d3 |