Analysis Overview
SHA256
85bc7dd236264c16df549647e0e6c0a52f147ccffa5647dce0dcc357653a9f2e
Threat Level: No (potentially) malicious behavior was detected
The file a50a0e71090d17c5a3cfab0e990b894b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:16
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:16
Reported
2024-06-13 10:19
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
129s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50a0e71090d17c5a3cfab0e990b894b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8554b46f8,0x7ff8554b4708,0x7ff8554b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8743917316600877883,7570986151099755771,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,8743917316600877883,7570986151099755771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,8743917316600877883,7570986151099755771,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8743917316600877883,7570986151099755771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8743917316600877883,7570986151099755771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8743917316600877883,7570986151099755771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8743917316600877883,7570986151099755771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8743917316600877883,7570986151099755771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8743917316600877883,7570986151099755771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8743917316600877883,7570986151099755771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8743917316600877883,7570986151099755771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8743917316600877883,7570986151099755771,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_4552_XHOOPJUPQZQDUNFY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8789a0235cec3e1d9c2ebed54cc90499 |
| SHA1 | 18d46df1d649e2133ad5736225885441344b0333 |
| SHA256 | 475ec83843ca2fb3b13b11ebc713874b8080d4a387331b2931121529539b0be3 |
| SHA512 | 002e5c025e69b0e49289aed648c3632742f25ba89b94285c25ee46d4ff663596b347548d2717e2223414e7ba14005af36d3b16f0830b165378dd2f315920f84e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | da4252a7d9df71e199c8664c22521293 |
| SHA1 | 002cf340654008d369ba45e0053c409955568ed3 |
| SHA256 | c313be0c97995841b2c76f8932d79a0c38d6669adaf637a29e30fff1777f33c2 |
| SHA512 | b1b549602259eea2dec24c1ceba6ff479c9ce801eb6550da5b9256327e6c0cfca1ae5cfadada1ee8812a1087056d538c8a844659bbc7f02a90319343181c8f07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9f0ffde1f5f4feb4976fa00fd7bdf127 |
| SHA1 | 15aa1d5f8f7dbdac2b8bc35a259684e63b021672 |
| SHA256 | e0d94984ea7a73a88ac126ad26d7a22861bad293f104a3c44a2428c262b68575 |
| SHA512 | 39d95532a7a4f33544cb4acafc4c9308672734871addb2d107293d281b6b4ad1ee72b489054aa1678b64e445ff81318113f49a911cd98a7d80c4ba76d13148f0 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:16
Reported
2024-06-13 10:19
Platform
win7-20240611-en
Max time kernel
135s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{11955761-296E-11EF-9684-CE8752B95906} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10f23fea7abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435688" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000de14b5d2ab77c947130ba8ade50af78d62a8a184a28c00a3ed7c2f6490b100a2000000000e8000000002000020000000a8ecebd4c91704db3478db0a7223f6f161f7eb5a2deab03b5bdb0ab40690051120000000b0ef1b0c58193a962e8ded35a113448a81023f16c8c923d0d062abe9062f339d400000003b67305c4a5730b3b1b0d53d1981c92aeb1fe67df4e8b2c3585d330224a769fd13ad5d88de276afa4e512a85c79b96597328e5ca1ede5ae571143d26a93f78f9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000d203541f3987f47a6e037c27a57a9b89a105bc759c14073b520ae9ac6be37448000000000e8000000002000020000000d46c0db4312362087a54cd56eeaa14ca1c78f4c7249e7ec35c8acfffa1aa83849000000022a7ce06e7046363c4cb63bb195e4f834eb41790457c557ee55acf8d9550b88508ddbea0a500287d718a5d3305f191d66a484e328ffd2175c4cca0741670dde2b00f8fae7f5fd6e1ebc8fb5acc1d81d7167c98893f2ed6906d8057a317072ce50d06dc878c88b204688ff27f3b7f53dc693f93d2a5b2574442754f35ed2f189c92d770f4c450c2c98688225f49eb6dcd400000003f5eafb9cd8464f73f0c6db1f8f06e51eb91246a31f18ad844b1dd28a20c59699b163706c4d4160c8c8a57ddd76e925c28b27155805379bf29eb6b965b2f97b6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2240 wrote to memory of 2276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50a0e71090d17c5a3cfab0e990b894b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabBFC9.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarC068.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c6d9e70772c530ddd6770e4d233bd0e |
| SHA1 | 9948e8c3cf1c6ef9a66fa6ef400eee005dfffc77 |
| SHA256 | bb151040718ebf16de8c46692b5f337a42dfdfa603f2f304c1d48306c587b0e7 |
| SHA512 | 3748cb786f0ef719e469ea88b730570ad8e48746b4951a2d37125d0448ecd4cf0236a77f6c3380e22085c8b45a75d8a1ea394a56cdb4bb911becaef29a8296aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1bd234a5e95a579bbe573508bcbd1721 |
| SHA1 | e21e900c6653bb71db6b9af4ab372aeb99768c05 |
| SHA256 | 5db882ce1de267db75085742079077a3c7f7f1e96f33a3352acaed27c42456f9 |
| SHA512 | b336cc33c6876d8927fed6c7a695b0f87e1df3d6ec3580702883dcd88d7efcab73fd342e15e85bc0adb828bba7fe6ecb748454446e8110eea6d3b6aafb3e1d89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4744fc9b8ac28333ecf1635efe7b69a |
| SHA1 | 341af63ee6782a89558eb49c23ed35e7e8625b14 |
| SHA256 | d80062eddcde414b59ef7e03c3d4bfeb45250d20cb312881ca7396101d0fe727 |
| SHA512 | 48d6584309128efdbb76d9aa64abd2cc8a7a10acb25a3108155eccb3a744d7e30c69de09f2764c69e76ef5559d14cc29b00ccaaae781c101affc9d138fc06d6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | debda994582ba22787e0c7d6baaede38 |
| SHA1 | d29ce6ca9201c0ab5fb5c37e9a21a07203b88367 |
| SHA256 | 41706cafd967e3bff2caba30869e2b838f18b275c4183e2c1b359a445f97269f |
| SHA512 | 1a8c230550955fd3b9bc285714c0bedd851ec21cef286bba33bcb3b53c4dc5080fd47e97a2ede581ffb496260c2b8ae6d3379407ed4b51cd7ecc4f15397516a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9ecbbbc483f161d758fcd925ee6fe66 |
| SHA1 | 43736957f4d810b4683796e40748c7ff0baec68d |
| SHA256 | d3689c4a702da886a55a1c66c2121ac2c9798818366a4682d85130436fb29511 |
| SHA512 | 2ed62a5e556e850f29a7d8f09de00205078bb664751d410d27e64382ffb1e2befc5312345f5fc09045f055583ba6ad839900de2eac50e933b2a1ee426d80c9e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6069f9bf6883d63730550217f7d7c548 |
| SHA1 | 0f04dc10eb28d4418681af436c04cb536b04d2b1 |
| SHA256 | f80f40e190b6c6ddf723c6b101388cf5b18ac03756fce3574fc9aca42a0e9926 |
| SHA512 | 145a56fb31c3c0ead48baa34f111c87090e994b814997aaced099003eb87e4e207911e6007d3c8a3b630ba1cb98fc81ef880e381397426adfacde8217195bf31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 639ab59b2b28a7fbd5211275d47022b4 |
| SHA1 | 077e433bc789b1be62564ed2a8721b60a4ac4b4e |
| SHA256 | 08ddef9fa2a61ef53f9b101f58da1259a2a483158f51437af6d1dda83f2e7e41 |
| SHA512 | a8b60a3e947e84b0b20f4d0582fe8e171356538ea176db6ded7ccc7b9c4d9b0e442a239a08ff7c33d03acf099a5ba75ce1dcf345dc8947ed9a78a175c475a064 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ebc57d6ce51b6316106bca2f779ca52 |
| SHA1 | db1e1f4407e0f0cbf72f34fb7a7f9307e65c529b |
| SHA256 | 6441e28bd2a5b8be6740ea0e96baa482612afe27234e8536d02edb602c3cd2fa |
| SHA512 | affa1fbcac34eef05014fe45980d09d492af80ace3c6fd96cc4db074856befee66874a946c9668af525c84cb222df491353917456347e6b92e0d69bcc8251e69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 863e9a4c20830fb9b4fe2224a24250dc |
| SHA1 | e3aeef1a325d8041d11bf7b9aec31f9575f7ff4e |
| SHA256 | 4b2aeb6f2aa9f1ac23ab96e653b4e12341969b388f959ae5e19c52f9b7e41fb0 |
| SHA512 | 65c725e917865cfa12b3656df7d3c39d9cbfb936ed31298699dc3dfb704bf54acb6f296c167ac75b94b2e6b855ea6611a6c97a05996d3e45d53ac3ef928d89ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 193199af9886c0539e199b5c8a43b28a |
| SHA1 | f3900dd9a99deb3b5e10dbeb4cb1dda9b5b09341 |
| SHA256 | 88dc8de7ce6bc853e6c45776470636c6cb98859ebc3aa382a9b98ea4b438af80 |
| SHA512 | dc4f6733fb1821540d47c3bee68b5e8db68fbc4437055cf681a3e5ebbf00c14fa8206655882131282b8c5ca8e51315317673e42b4f1bcc648c687638a8dc3f9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf8c0eba58a1cdb7b2ad317a7932d918 |
| SHA1 | f0d20f83b3b9d5f3aa4b4d96bc9984296217d820 |
| SHA256 | 82fddb52d1414c1c331a2cdff7b56708399b438003f4dd92e51083b4ae479aed |
| SHA512 | c6351f3e449e261d64777ea87aac1d8e3aa516f7a97dc2d2c3bb43fcfb645fd6e7c15664ddd943a952aedeb3885b2d25a7fb435cd1d640ad89fa9cd7eb95504f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1547895cf74eedb3ca42d6d66f0062db |
| SHA1 | 51ab40bf0cadb5df2ea69030a4e55c4892935d8a |
| SHA256 | c09ea74248fe537839e55ee672a345fa6fe4aaa26b6870c0cc9f4b134be50103 |
| SHA512 | 21e9b3affd77d5f72f69b862be569d7280355172a7fbc6683e6f8a6ab24d91e7466d79efe6a66d840a9bd33c08b612a203e91f305416b613616d9a4c26bb6006 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf608a8e6a922b266e8b33201103b712 |
| SHA1 | 25cb34ac438928b4b84b45affede964dd19c8e57 |
| SHA256 | 8fbb19d3c27bd815e18da5dbf7efc8969449022b1776b21ba19957f0151e533a |
| SHA512 | 9daf3fcc0157986abcfaf5ee8ea30acf63002a73a04f9f29b951c935627f1d50d8cafdda12aa50e5d417688bca93feac62849c8cee8c0e05024a880484560ea8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 123a8c823a6d18141ce31d338619e4e1 |
| SHA1 | 20321f52cd60f6529766d8a29342080a4d075fa8 |
| SHA256 | 30e88482794967a89bb9f8844d9694325b27c06cfbf3315654ba25e97c4f09a3 |
| SHA512 | 2ec97fc9a0b616efede73809cfc8113a3ae1d29ef5d459877d07440df02f87fc033a8da3f4a28e3c7ad036472392ee8e57b5ee90b0b10b5e5dd1400fafab2d00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46908412dd6fb6f13f2951a791fad716 |
| SHA1 | 8c5a4307c3d6c0f6ecf33a4fd8125ee01ea9c23a |
| SHA256 | c27d1c42a68047279e9a402c928d6ac1361718024c9788c58a7f47bb3606f5fc |
| SHA512 | 236396972882c4d065cf1e16d4a401f4678b13ef9b4081b59e60553890602ba957985b7a3a0b8045b91f27b8e79d0d4021f7dff5a10c4c60296a501fa21fda36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9afbbf39f251896f9396fb351f53ffb0 |
| SHA1 | efda0f5e11ae63ccb6791db89bdd786d0c096cc8 |
| SHA256 | 2efb56cd5c4630c4688472b014cf05e60b3c9180d42b5ee2d7ee395da7ac419f |
| SHA512 | ad482f4af8725b68038fb8ea38b2375b56dc5fe9de3adb749036bacd2cedbbe2ff301c9d032cefd0252e5b7e495d7c7a0bab99ac42ef2faffcf7d37f130a0377 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6687b96833ae5ea01382059313e24d7 |
| SHA1 | 0be13a8c96a2119692ff8349c60faa3397f9a60a |
| SHA256 | 48b4a63f8e174a436f898a4e6464163c9d57db05a4d43fd5b3ea7b157b71da83 |
| SHA512 | 165d84d2eddeb401e5fdc37e99284cb48b8d640926dba67ea71ff164c76bdc688a0538b02ff5aa661d195db5fbb8976f9a50dc09b586c9ab4f8531573f5cade7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2a8187b5ed759db3d73d2a5d5d6846c |
| SHA1 | 499f1f6ed2adde2f058f549e35f85e5059874d6c |
| SHA256 | ba3b95e0f35c233c816395e560b5d72a989dab31c63e7e7d40457358b7963a05 |
| SHA512 | 496551318b082dfd4d614e349dd1d4b041565fa9c37110ff27b3133a78e6e650fe817cc32423d73b2eeefb926f5e32c8112500c9cd9fc15a896fdd0c58a5df5a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14ebc31600ff844ca655288161a92bf0 |
| SHA1 | 19e314fca7874b6d081b120c934ee8936ceed6d3 |
| SHA256 | be391892b143fcf7c7d811534e88cf11eeafc4b27fce5278536b33b03cea3c70 |
| SHA512 | 593a63dcccf9acce2f9315fbd7bb76103284875365544a36b5159ec166a0552a40003412ea76388a8a3b4e4e8cbc5a1f9c9901bda34162305025224fe25c9d6a |