Analysis Overview
SHA256
2e3999f05cb635c6e655c4e08c48431b2e76c52019a6400caf8c40f93153bf34
Threat Level: No (potentially) malicious behavior was detected
The file a5051343419dfb2c1ee48b9ad8a4a6e5_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:11
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:11
Reported
2024-06-13 10:13
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5051343419dfb2c1ee48b9ad8a4a6e5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffa5cae46f8,0x7ffa5cae4708,0x7ffa5cae4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2308,8729897886038439661,18197366568868130048,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2404 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2308,8729897886038439661,18197366568868130048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2308,8729897886038439661,18197366568868130048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,8729897886038439661,18197366568868130048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,8729897886038439661,18197366568868130048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2308,8729897886038439661,18197366568868130048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2308,8729897886038439661,18197366568868130048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,8729897886038439661,18197366568868130048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,8729897886038439661,18197366568868130048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,8729897886038439661,18197366568868130048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,8729897886038439661,18197366568868130048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2308,8729897886038439661,18197366568868130048,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdd.net.ua | udp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.57:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
\??\pipe\LOCAL\crashpad_2388_UKNBBWABJFHWDWYZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dd3da602e9749e7e1858a6d8d41c35f7 |
| SHA1 | d00481190b08ae94bc3255c3fac8b8c6e490586a |
| SHA256 | 794a44a66be9a820d7de7ed41aea117fdc7afb7633fb51155151405f9599ec6b |
| SHA512 | 6048a6058f25163f785e65ba12de0f9eb8df859d9a69d0b234cf876e8b6c0ffb0a5ca2e6d34b925fa1e489b5e06703187a644dcd53b956ae5dbf054050575f53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f6da9edb85f8c40d0f66af51e41df519 |
| SHA1 | c60d559b55038086bc8af71176cb01ef6aacd6d0 |
| SHA256 | 10986c1c08889f75a72456ed556d9a4bf55cc7d1378d548db18b630db64ea138 |
| SHA512 | fcf55d4e19802660bdc42260330c3e3a39642ab5db907cf5cd7b664166015dd9b9aa990f5c8107bc49422a0d0a860b23650d3e3c1fc2caa91f27f2a6c98115c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7487a6006e35357b64674f8f3b440fa5 |
| SHA1 | 8a5b5d0ce0c2e6c9eac8a5024b27d8723f311637 |
| SHA256 | 3760fd19b268abcfd0366afc22b9e0fc9d2c0a72d2c381b2685a00ec75327490 |
| SHA512 | 4f62d2044e41cbc6b7a0f127d43b996888906602e385a73f53a748ae10182d55a2afeeba7273ad6692e7a87296dee2146335266d77d6504622f8d11c038e8c20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 252aa3a63cab51ab6aa580aa1dcbe05b |
| SHA1 | a372a81be33c04420bf3fff4fd1702327b5f885c |
| SHA256 | 30158199b2eb98db6a7da9cb89e0bab8cddd498471eff326d783e07298f6b405 |
| SHA512 | e58bf03583fc959eac0f1b95ac102c71130495a7376cf100789db02f5b89dfa48deb718eeee64c8cac08a701d8bf4d7c4f6beb7086946d5245842cf482aae202 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:11
Reported
2024-06-13 10:13
Platform
win7-20240611-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435338" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{412C6FA1-296D-11EF-A5E3-C299D158824A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2736 wrote to memory of 1948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2736 wrote to memory of 1948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2736 wrote to memory of 1948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2736 wrote to memory of 1948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5051343419dfb2c1ee48b9ad8a4a6e5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdd.net.ua | udp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
| PL | 89.184.88.6:80 | cdd.net.ua | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab23E7.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2496.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9c5b07050d40005286424134008672c |
| SHA1 | 50bf75c08a32f3b153a0c898a950b7b329f64edb |
| SHA256 | 50e19adea88adffa5a9d6bfdfdb5126f8ca491a1adfba1d32bb810a104ebae66 |
| SHA512 | 03b69917748f7d4de6ad308961af3cdbf8767e041a3f079fdc6f0c18d7e8f29273a7f720e4fa4e7364c112a41079cd387981c7a4b2aaef0df73052edf8180650 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07e4bb419eb01b639d161d5fd66640ef |
| SHA1 | 8a6cb92427a368c118d720ecb5112cb751744b5d |
| SHA256 | d6800a5417c3de9c454acd8e4a9b95ea2b5a2ee08642467179f5fb683d1740f6 |
| SHA512 | d54ef8219b3938d6f3aca28f2bf7d03fe9454528f9188a5b629807075b65d006894db520043e298cd0521391a85fed9b1ce6a8d1f39de28bf5d699a64f18fcc8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c44155a73c5c26ebcd3224ff99e7c073 |
| SHA1 | 2f369a43a1b22315b5cdd3859001e0365cd2ee31 |
| SHA256 | 99b77bb29163a7ba3b637e21293569f1f96cdf11aab589cf078956d6e2a77af4 |
| SHA512 | 3d36206920af8c264eaa8057acbadfae89ab55c4e2410d64f8424c8cf76eb533568f088cd337e363be7586c83e52172d1a81688bd7470628e7e60cf933525e3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5e922545b56921d5b1ad97c7aad9452 |
| SHA1 | 79144c7c42b2b4fe233c4049c410dbaada659000 |
| SHA256 | 4f6c4b120394057d02d751536691bb9a656db2e0c1bad46c0d3491c95b14bbc3 |
| SHA512 | b97797c12d777a961707b3c115674108d06bf828cd9317412644feee022ef577a9a069f8bcf3ded318eea5cccacb0d3b70b16f90ed14cb85da3cfaa1568be91f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17f7f4f4ceaac9169ad06727447fdce1 |
| SHA1 | 67b8ffecf188f60b3d81ced443c1bfe96dbfa091 |
| SHA256 | 261a9ac1798ebd5552105f15bfa501002584a2855473620d35970557f0d75958 |
| SHA512 | b7565841fef3f14329c8dea71024c7e1ec388d408dec9412ffc060eebe187e71347088da907fdeacf8d63edd06b24446b55bd6da96aabe02d4b41734c91cdf89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9bed78e3d08624daa05c3e80e1113a6 |
| SHA1 | 7c7849284245ec5bfb8bb0e31fc120c2c6ff4c8d |
| SHA256 | 65f148e93acf0209d4790f615d62c28b4cca87f663efbe1166fa38a2dafe1b89 |
| SHA512 | 2d5f1235895266520273635cccb3b34d1cae1f3237ae27373d2d0ccfcafe408e14e7383102af272c50e85c83f551df67396873f026c9fffb3c3a8bb0f6250c63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ad0784f3d4a431d98ba753c6e139bac |
| SHA1 | e080f84dc85a7ddcd5c0f196eabf3f201fe3f2aa |
| SHA256 | 34ed067ba2e1966a91e93d45e17632756d05ae4ec5997a1a16d48f6cb5120ae8 |
| SHA512 | 72edef667694c6be2c2a28777a7085f3b518df4604c027f1ac028356a85d6b980c98a4cac01de24511496d352a29b43eeb27e12b68039c9268e5e042537a6823 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddfb870569b1312c406f5c20fbaf807c |
| SHA1 | 312891c59bd3ef74ac96f003a8235418188533a0 |
| SHA256 | 87688c7d0924f5d42dd4b94f1895b364f3db6e20d4598692d1ee1991f19bd484 |
| SHA512 | f832169073ff9cd304838e1f421e496ae034b461a4c0d9e55840725794004bd57b12d9f0e1549d6ab0499590bf716f6ea19720af0da0f80d14888b829c28ffa5 |