Analysis Overview
SHA256
9fa0ddb7c1201db0c1f6c6bb0303b74746749f5a0c2e0319ebab7c47bd9d1bc1
Threat Level: No (potentially) malicious behavior was detected
Analysis of the file a4d55732939a5f5acfb6ebff98b35947_JaffaCakes118 found no (potentially) malicious behavior.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:23
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:23
Reported
2024-06-13 09:26
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d55732939a5f5acfb6ebff98b35947_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe902246f8,0x7ffe90224708,0x7ffe90224718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18332691050591289065,13174668032341278188,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,18332691050591289065,13174668032341278188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,18332691050591289065,13174668032341278188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18332691050591289065,13174668032341278188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18332691050591289065,13174668032341278188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18332691050591289065,13174668032341278188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18332691050591289065,13174668032341278188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18332691050591289065,13174668032341278188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18332691050591289065,13174668032341278188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18332691050591289065,13174668032341278188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18332691050591289065,13174668032341278188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18332691050591289065,13174668032341278188,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5220 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.hostingcloud.science | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.blogolink.com | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:23
Reported
2024-06-13 09:26
Platform
win7-20240221-en
Max time kernel
119s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d043ea7b73bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A7588CC1-2966-11EF-A304-E60682B688C9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000261fc0c39ff174429314bddebde59eba000000000200000000001066000000010000200000004acced435ba83c22f0cb6abc6ea6fa5d2c3b1af429c06bf1b57d5e750e0feb4a000000000e8000000002000020000000ba95b05416494f1c824339b3a84efbe2bc646ff8009eec8afa7153d91461efc6200000000be4432cd3fb871d88be90ed59f408f069b4e3e9024669f87d19437be57bb0644000000020a923aedc7963585ae10e1deafc6f8051f25b93b2547493fc1df16f6dba79adefc83ac209d945030ca02e32e485b80b9fa95cf8e6d6fdcf4365ec99cac3624b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432501" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2320 wrote to memory of 1700 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2320 wrote to memory of 1700 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2320 wrote to memory of 1700 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2320 wrote to memory of 1700 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d55732939a5f5acfb6ebff98b35947_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.hostingcloud.science | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files