Analysis Overview
SHA256
b531f3c9596196045b1a409fe46077bca38c986fb8f9106d3defacfa4ca828a7
Threat Level: No (potentially) malicious behavior was detected
The file a5090f8e9dbfd0f7b46f1c6be7b595d0_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:16
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:16
Reported
2024-06-13 10:18
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
127s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5090f8e9dbfd0f7b46f1c6be7b595d0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0b4b46f8,0x7ffb0b4b4708,0x7ffb0b4b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,1033190657595362357,8473724100653198328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,1033190657595362357,8473724100653198328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,1033190657595362357,8473724100653198328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1033190657595362357,8473724100653198328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1033190657595362357,8473724100653198328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,1033190657595362357,8473724100653198328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,1033190657595362357,8473724100653198328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1033190657595362357,8473724100653198328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1033190657595362357,8473724100653198328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1033190657595362357,8473724100653198328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1033190657595362357,8473724100653198328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,1033190657595362357,8473724100653198328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:16
Reported
2024-06-13 10:18
Platform
win7-20240221-en
Max time kernel
122s
Max time network
129s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 006745d07abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003314c83d76e2bc4085494b90c8c6d4e400000000020000000000106600000001000020000000fe9e53c5bf22dd79e5f7049bad03fd07451be6b23eef1f41d5727b7ee1c0707c000000000e800000000200002000000081a107569d972892b409cef5bfd0feaf2b929da11acc5a6ae8d5b2a3cab02f332000000048045fe407305d19d0db700a89c1477d4272fc090b2cdee849b2ea993fe3cab440000000e24b528ae84947f1c6d4f51e88d143d2c7d1d39e822d025ff92c21cf3fc6c0d67f1d3204a9c029104be5b552c4b61d1d9d74ac623500e4541176d6d6c41725bf | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FBCC5871-296D-11EF-9988-CEEE273A2359} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435650" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1888 wrote to memory of 2496 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1888 wrote to memory of 2496 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1888 wrote to memory of 2496 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1888 wrote to memory of 2496 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5090f8e9dbfd0f7b46f1c6be7b595d0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files