Analysis Overview
SHA256
147955bf35f351aef5c9b318d545f32b203c3af36e3ea86139af2ed228b982d8
Threat Level: No (potentially) malicious behavior was detected
The file a4e81d669f6b7f67f5c1ab91a3fa67d1_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:43
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:43
Reported
2024-06-13 09:46
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e81d669f6b7f67f5c1ab91a3fa67d1_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa292946f8,0x7ffa29294708,0x7ffa29294718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16789275447728088179,17092382152247592963,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,16789275447728088179,17092382152247592963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,16789275447728088179,17092382152247592963,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16789275447728088179,17092382152247592963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16789275447728088179,17092382152247592963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16789275447728088179,17092382152247592963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16789275447728088179,17092382152247592963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16789275447728088179,17092382152247592963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16789275447728088179,17092382152247592963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16789275447728088179,17092382152247592963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16789275447728088179,17092382152247592963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16789275447728088179,17092382152247592963,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4904_NHDPSCUQZAJUUNPC
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:43
Reported
2024-06-13 09:46
Platform
win7-20240611-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C10CD01-2969-11EF-A326-424EC277AA72} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 703bd24476bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433691" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000004adf94802ae4ea893b5fead839553d020924244a7a30bdd1f0c65c26f64c3408000000000e80000000020000200000006a468e90aec99898a2cc00a9a8d8b49a810b03dffdebc2a615cf7dd77e61f4a32000000092f13a9a56e7d3a7b9b6a74b12c30a1e4495776b9de7e79b0c3466c31bdbb22a40000000ac784a0c4a73ed0f1e2fd8e26ec01acad22a4cbdf472968192744330957e792c4b3be619d7f1bd3b7a7f1263c71cfdeb26beca088b2c02ea76389cb22660f355 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1788 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1788 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1788 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1788 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e81d669f6b7f67f5c1ab91a3fa67d1_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab453D.tmp
C:\Users\Admin\AppData\Local\Temp\Tar45F0.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015