Analysis Overview
SHA256
e71bef15a48db2167441f16615b1a598655574c63eaecc7bd003807ad3eef9ea
Threat Level: No (potentially) malicious behavior was detected
The file a4d9cce03aeff3ea23641adbf3ad2c43_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:28
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:28
Reported
2024-06-13 09:31
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcaaf146f8,0x7ffcaaf14708,0x7ffcaaf14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6101548427510296606,6265889838944940903,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6101548427510296606,6265889838944940903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6101548427510296606,6265889838944940903,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6101548427510296606,6265889838944940903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6101548427510296606,6265889838944940903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6101548427510296606,6265889838944940903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6101548427510296606,6265889838944940903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6101548427510296606,6265889838944940903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6101548427510296606,6265889838944940903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6101548427510296606,6265889838944940903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6101548427510296606,6265889838944940903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6101548427510296606,6265889838944940903,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2992 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | web.nba1001.net | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_3048_DODRTQRJSPKVQYAB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 95863ea76b60c6d28f506a4e0a020a29 |
| SHA1 | 73a0b84257e49f9b193d8d94c685434a2c9e1b5d |
| SHA256 | aefc40eb54bb192332d0815e74d205a7f49406b3e999513ebeb6e607f7968ed1 |
| SHA512 | 69bc5054ea2bc7f4e41899c7afd0d9de128f9bb7264acdc1a1178bc629a1d157d315521657f542cd622afdcf8e2f501d9a06169ec1fec77ada8ebe0c0d2af268 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3ead3dd9ee6612bb07530d7bd0d45c1a |
| SHA1 | 05230c58b89437e41239c51e9b1473806b207b83 |
| SHA256 | d48a5affadd10f661dae400ede3fcfabb955962f41014163c5d16aa33ba71b88 |
| SHA512 | b9c0122bafc28126dc47a0634f8638365757d163e4e0ef641a88efeb6c11d937a4110570caf2c9d8cd858c16f83a1c4381f1ee3142a7e5c5f29a9e23ff0e0075 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5b922d09aa55639cc297f94c1c6de367 |
| SHA1 | fa595d43e76185bf771064a2953daf3e368c2ffa |
| SHA256 | d4423d72df70f059476d1bdb4e5eeab496a47becab1a6f5d8a856dec86062183 |
| SHA512 | f0f816257d925f2c5e9958a310549efb46372002a5bf5175e7a1a4c3856b5220934c2ad02b8f9e847dfce74aae928c154f7d610227f25f2d6a5aaa59d00378d8 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:28
Reported
2024-06-13 09:31
Platform
win7-20240611-en
Max time kernel
136s
Max time network
118s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432786" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000580be8451eb3e3774d5562c806f2138da95876eac11d083053eb8772d96b8eb3000000000e8000000002000020000000d7f17c2698c4d47f8f2c6bf132dcb218270018917dbc1f52b7bb9f9dc87bc9bf2000000079a4e6839580ab352d6a2f46e58b4a95a23b19b3f5a952e13a98230c27322d8740000000440a7785e64c6ce401e7739bb4884c318b7ce97204d66b2367b353a9657bd80ede84ef53d1a92d6068122b0d93deeafae33dc57979ae2d3357871ac658aa3ea6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 508c016474bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50A1AD71-2967-11EF-A490-4A2B752F9250} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000224d85875a8c87e598d55f610a7b8b4d170bacc10859593dac0d3a2d028314bb000000000e8000000002000020000000bb758b413557c6e1bbf1fe6f1b47e11cbef4d3c6a0e4d6c4668b0dc9ff4eaaac900000001ae2cf45c8a903b7c18e0a6c1a2ddbda03307e6c22f403d54b7488ab654d5eeb6da83e0d52ec8f391c96cc40691c8a50322e7a5d0d4bb4ef2b3e8765c55c4c2f51aba7b9f7fd7c0cca3c74bdf7b86f61c42c2d8c388921e0091cd916ffeb6e787ffb9b02306ac90536758953d6b2d34e03f027df4604b876174493975d40d162f0529a632f53c652ff2a71d44a1cbfe44000000059bfd3cb744044f426f2c5e1aaea7917f6202f7d499dd5c6c4687898b6a3ea8487559fe31c97761d4042fd974fa49b20bf302d8e3a19b06377059d80922d9430 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2108 wrote to memory of 2292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 2292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 2292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 2292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | web.nba1001.net | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabC41.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarCF1.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 139c4492c7fd6fadfcf038201b3b2478 |
| SHA1 | fe0339b683596519a8c6ebbf35e59590c8d2e02f |
| SHA256 | 3c4585d98a468de9041c9fa4821a6dc44e608c42acde2199e48418cdd9f74d87 |
| SHA512 | ac947a46e4cd38de91908de44e477e753342da13c907256e17fc3c555decaef61a1ebe3992f828707d04d13db39d2db6b21550c418b1ab0eb5b5fb1c0c629409 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66b79eaa35626f1e79585db634aebf74 |
| SHA1 | aa581c690e3efa772d3a497123be1cfd8be2cb9f |
| SHA256 | 18d64bbaebc4bcc32d59db0a811b29a58a50abbaa53a6e0b1bba17cd666f8e17 |
| SHA512 | 00f76932b1c6c2764569ba182f4610c65c3d16e201ddf8f1b4e47dfd96b9c73a78ae4995448096807e03e22bed092edfab4cfbd8b40445d99e27209a4dc34405 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56bfad6495ba01c327e4d5643511791e |
| SHA1 | 963c45c6e072f2d1d766f6d4f1f52846764c673c |
| SHA256 | 8b363a2eb3dd41cb0cc5cb3941bedcdda7e6c1251f5915199c1e7b1ccf43ce76 |
| SHA512 | 5ca8d933f7e0615a2be62852685226ac12d781971ed4d24315e0a8112392291eb2f4513b711cbd44293aa49a67a0a76af543b7b78d1496c8ab4c25e9539d446c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82985e5a503d00c42a6fbdeeea169905 |
| SHA1 | 7e201295b668ff01554f7303113b37e75e9b5c5e |
| SHA256 | bcda994883882f4f49ec699df9e5106b9eaf1f9e9ea0a953a97a66a2ff3b5537 |
| SHA512 | 50fd179798e73a4e9b021f72728b8cbe84ae11eab260ec7df6276c0eba01dc63f9209908fd4a3bd7b40235ebe7f3e343dd8ba0c576cb924357ed8c3b278e3e52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 579128544d1a360cdc603495c5cff206 |
| SHA1 | 6d8852ea3401ee4cce07f252114cd8f3db17c22f |
| SHA256 | a0151d8097edcc877248231d76b371cf25153192c2a1dbd062c0897c7157c1d6 |
| SHA512 | 3a6dc0e2984b3eb9cf9a7359241a6e4e93c9ac47d2d226246d38af2a6a30c11e3ccc375263910d1025b332d42260bbecd8984440ca3afbf0ed815bcca551040e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83d7d944ba5eafe49b34ce784fbb9f47 |
| SHA1 | 55e0fb141c036d3db894b65c318ab3bb37c7caa9 |
| SHA256 | 824c98d9f45672118c1835ee1bdd7949cbf2ae53fcf405c00d29f7286543f56b |
| SHA512 | bf654e560c33cbb84411b451d56c4ec4a11aef3e74cb95980527ccb90d401b58afe4a1486a03573e1674e91d4ead5b63e6d65848f5793efd90cb5123f3975d0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87308652301bfecdf7f6ef924b92155b |
| SHA1 | 0731c8b423fc2629a1d0b41b85424498662ad7c4 |
| SHA256 | 89a5bbc7a24fe374fbbefcd13950205b51dd18e6933fde7c2d3414e8367c2446 |
| SHA512 | dcce1ab4f4f64091e9d3b985b121b8258090a3d1a5398e09ea49ce2cd5982c42f3d64c83d43f4e994a4a0f9ea65e75135ba595116a84c81bcf6ac23a699d139a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d251544dd506d682a0e196786cdf613d |
| SHA1 | cac8aa205c3a4211222eec03e9ed8997564ae2ec |
| SHA256 | 15b0751b0740e388396c6cd9ff6d3b902d013878d09afa43cdcdee2276752011 |
| SHA512 | 708cc23804db5e1b43e45eb29b17b097c8f64a0c94d96f788323406602a9ffb50f60a96f97b713b7985293d066d9556e7fa32b89ad8baab66e38420592ef40fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e98b82122dfd71c35f7099679fa314ad |
| SHA1 | d035c527f9c5c35d20710f8c04366152c691d66a |
| SHA256 | dc166f47b5c3d55b1929d1434faa61c2715a60bdbfc1ee2b3c5ca074aba99670 |
| SHA512 | 51a8fb7ca2de16c1f68f0fd4773009e2e89b7043f05e49cdb8c2cc1f248ecc62612a2433d4d2d1ed287804c3da970b189c1d3b4740d82d0725fdc1d13f89af0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c99ee4a204b86cee324435777670d334 |
| SHA1 | abde9ee7eeba0c1a46dd203fa0b9623ecd1a739d |
| SHA256 | 55a44a077aed501c91eadb572d9b6e8992fed0da3a884c4c04959b67a075c1ed |
| SHA512 | 52fc7049720d11b9c7bd5891d7f0c68160c6ffb3abb0f458da38134d817100556b50240dd5ccdea3fd516f475bf77abd6207662e765278524856f2bbce8984ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a23014591b71ceabe51353abbe549e9 |
| SHA1 | dbac0696464eb00150255bb55a83379d1a2eaa97 |
| SHA256 | 3f90a36ac8d99a36d271ef445609d4d3c31c4781610160feb226bb8195083602 |
| SHA512 | 62f50f832dd1874c62006459d03a96745fbeaa10ed8aa30ee2342fb3d7c300bd77dd7e4d72e2b6435cb32ab551b5de2ca2c789e52e557a543eae293ee6a07495 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 375452e367c72f70783fbc641c70e155 |
| SHA1 | c6c08990df7cd151a0c648e330ea325b13dd932e |
| SHA256 | f037d3588467dab78610d9928933260f241720681e1a18dbd3ef55062c1c3e8f |
| SHA512 | 03704f83f17b571221ca22b7a224ae01e0a7c77e761aa54d14298d8bc520bfb20ad4cd919bc452b35253c7fc41991be1e7dfe690f04b200893e3742bd0047d4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19d16c0dfa68a7f3201c5335214c704d |
| SHA1 | 562f3d1cc19f1151905000ed88b7620e718cb46a |
| SHA256 | 1ca88164aac0c573ed8939ca02c6c599ecd6c1ac6445c89baf415a817e445d63 |
| SHA512 | 7f9bfcc1340be8c135a97da446c691629b8889861caf1b0df38a2e8b0b0ad1bb0961de4099d46dc16c7437b6cb47080264f754bba56f5af4b73291763f6f12cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55d94784fd2ec3b56004115d0b4247cf |
| SHA1 | 32ecb1d53c4dd5ec60dcebeaf2535bf364a67fb4 |
| SHA256 | f2e29b629fa8dd354af65d0c21f15a6f11c566f32eaff2a1153327f3f2516723 |
| SHA512 | 947f3d9b835e70eba50a73b1248cf90c291cd4bbe5800c3193eeed8666f958519937001ab48891e4cba60e078d84b2c8111f7a8c0955606c696b469aa0cbf8ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0da02020b239994a258fec0820da62f |
| SHA1 | db1608501b8f9fcb3746554befbc071d513b7533 |
| SHA256 | 7aa1fb25b9456b9552d276b5acf5174b7d94d28e37638c821ef60b763f7a53bd |
| SHA512 | 1c8c40ea1fd28f41f52545a980ccdb67b9e5bc1e021ceac69fc024f204f79f5c0d23f48df0af4d99f968cf587b44d9fd3f8edb3a2af4fcd7a584dad7bdd30608 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63193a338cf11e5cc9dc675fafda9f1e |
| SHA1 | 0671bc6d74238b62c456e281cf1801a235831864 |
| SHA256 | f252fead6fa63e4de20df3b67dc20bbb3161c8bb8ee981a7b51d087c04eab89f |
| SHA512 | fc321137212c455949868c0cc6c408412e4f72dd4104bbc53ed597c3873349d0f0162022b54ecbaa885d78c6e1ede8f284e567a31ab7e239599b17a125a46d88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66766d8145fdde8e9b8cd67e48ac275f |
| SHA1 | d580f0398d99757efcf5d5a5a3e05fbe56a9f6db |
| SHA256 | 6eca8f638dce49916bc1052acc1502f60199ba2d7c84df7fc16b6c103eb5011f |
| SHA512 | c369a8d6aeda791f1f80e9dc9c1464f708a1888f67e1d5610b492ba9e748823a6d061456b4e13d6aaf644a7e10a636c717f49fa5df12b25d3c829588bcc967f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc564cf5679628af3239d17234e0580e |
| SHA1 | 92963b1719d4b479fd4c369981fc4ee28a0771f8 |
| SHA256 | f5f0f0d22e44ca26feaa2897198bc3fc6a24aaa4974f0139738ff2f793210285 |
| SHA512 | 80243933a7a2736fe100b94dc1c66e7205ba6b4262defa7909d904ae0ffe04b00ca4b034bc29abe686547629fa37b971ae4e9b1adb6ba0e49022c2709f3862d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c88ed313b668ed31e24b8f542e1ffc2 |
| SHA1 | e7cbfc965a603be7ec6cf21266ea3b8c42e678e1 |
| SHA256 | 8efe460c80d1aee927b9f1902df518bc3c292d61c2252afd981a09236df22340 |
| SHA512 | 8221c244964570f98dad4843acb7ee315bfdc68db523a7f85deb084a9f7394e38cb746103e19b122037650a5bf58b1843a796840b34a553a6d510326ce31f3e6 |