Analysis Overview
SHA256
ac9ab44242b43bf2df9b7f66a78ba85b3067eeed5884b368a6da57f77076722b
Threat Level: No (potentially) malicious behavior was detected
The file a50d81ae7b9cfc03306e55b5d18cdfb8_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:20
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:20
Reported
2024-06-13 10:22
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
128s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50d81ae7b9cfc03306e55b5d18cdfb8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7b6d46f8,0x7ffd7b6d4708,0x7ffd7b6d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2541934004691637228,977840973104919650,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,2541934004691637228,977840973104919650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,2541934004691637228,977840973104919650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2541934004691637228,977840973104919650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2541934004691637228,977840973104919650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2541934004691637228,977840973104919650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2541934004691637228,977840973104919650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2541934004691637228,977840973104919650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2541934004691637228,977840973104919650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2541934004691637228,977840973104919650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2541934004691637228,977840973104919650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2541934004691637228,977840973104919650,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 21.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
\??\pipe\LOCAL\crashpad_1064_SXTMUPLTZGYFKJPC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a2a9f2ac1a2c7ce0e85cda7d59ccf82f |
| SHA1 | bbe1b5481e009185a24c35a0efb0cd4e8cb64f43 |
| SHA256 | b34ff18284520d94fcf5e9f9f8bd777ff907fd35f562b06647b2b61b0b11a431 |
| SHA512 | 31acd369591cef388d2c72006efbf946ae9154bc5b9117d5425b565943880e1aa1c749d9a6e34cff420c2a7d353622e5f323dd62134eccf36f04cb5cec6c8b5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0e42c73cfd8862fa776eb34878c207db |
| SHA1 | 71e3ab6b17415caff21ce9ef40029049083823eb |
| SHA256 | 6c0864d7afb1bdb81b45de8f967e01b5620d43904e5ac54eb50ed6b1e8f43499 |
| SHA512 | 42b275dcc2a1bfbbf01e1776d15db8da3279adc2178eff0c7bc843130d7936e940d44c01617035011f81993bd089a8ab4f338ec7e94b939b964c2981701c0a6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e9de4d02e35d61214546ca5c97e0751c |
| SHA1 | 124ad9d2b6bfad88de840fbdd36602d622419723 |
| SHA256 | ef3ea5bd6c843f401c982a200e8e44ae14b4f39058feaaf7ae8083591dc9f83b |
| SHA512 | b9ef97408d71318633196bf2cd930d4c55c2d33e9320ae90044e3e45f07e66dd40e2d0d3ee265de92f8ee14d1cf02bc5b218ca1273a00114a703259818602b2d |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:20
Reported
2024-06-13 10:22
Platform
win7-20240611-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8302C181-296E-11EF-BF32-6ACBDECABE1A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000a4aa6fc4e851a60167bebff3c481c08793b3a5f2d3d3e7df5718d00d94aaa62c000000000e8000000002000020000000ac4c91dd9f078f62bb06398af494e07b9a95acee85ce66c89bf75c7879d27f0490000000fdde44a24d3307267dadf806ce6be0750790a6d3ab146f22a3068a6f82ca34f7206803a8ef33311f736be53334ff6879957617ba9da653064fb92729da94f159e9c67eb5df5b3a28a66b99fba62b3a1e311c35ee5e74b872dbcb78daac0d3422dafc03041b809f837659ab75a77ad41640d5670295d70e263c756e9b6073ba8bb3d2c093dafc84ecbe2ab50b130c6c854000000096b74cb3ae8b7891acccca79ff21bca3b9f19a64baa68a8ce3421629cfd38ac52f582d1c62d01925db924809733562540b86928084ecf6191765dff5033e25fc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000073f400dfa86ffd8e3b2d316ba821e402ad97ebc67e569ce47d976ff55d16feb3000000000e80000000020000200000006d1c8d8e631780ca2062ac8eeff1a1c3fd7136320821f861976f81229a7691e920000000e1e65cc60bdc74d939d85597082cebe4d64d0b00959ffae909b085b9bccadd2a40000000ed9ccce96de90f8aff67cb90877c2448b4e686b614bfbc3b365e818bcb0e29bbea5ce4879e35b037624decbbdd487459b6718fd04d9bd30244dc647a6b74d2aa | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a05d9f577bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435877" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1216 wrote to memory of 2240 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1216 wrote to memory of 2240 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1216 wrote to memory of 2240 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1216 wrote to memory of 2240 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50d81ae7b9cfc03306e55b5d18cdfb8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1216 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2E63.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2F02.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4683a48d475bde6815b4710edc9d3d4 |
| SHA1 | a7e40ab380eaa024a32be0899c30940eb2ab04b7 |
| SHA256 | 8eda84f7a5e25683886ed25614b6ed3a9fb9610703a0f92e70caeb5008675f54 |
| SHA512 | f9a03297a2edc9440d011a9d033a94c5c6d7de1ed2a972b395a3b73bbb814b48de5f4828edefe77fde317b9f55c37bdce9a8bb27e3fb460b3b9d1436dc6a9f7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9629c8e344dd964e1347869f8c0a41eb |
| SHA1 | 04515be13220967dbe3836ea96d6696462cd6f27 |
| SHA256 | 5eefce9dab9797071e09c4ba13fb738ebd87f9c4e3f7d732a28426a4afe43172 |
| SHA512 | d0b69dd9609d87083e269e6b7d2d914023b5261f3a30d5c16e65eb6d058ec56aa5172f65a8ba66a2c982fafb1f1f97021b75447b9f468ae89827da2e7ac10f0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70b2f49f443f64d23a31b4708468f1a7 |
| SHA1 | aa1a0a177434dfde5029938f7651bf7c9922b220 |
| SHA256 | b4f2ee4c6805a1c6f1d00b2887de549eee887ba95f25cdc80cc33352eb19d3ef |
| SHA512 | 99f6b351a7be9f3446f493fb71bc1e556c2d5b81674212354d605db42fe359a19521723a65a404202755446feaef68595080a86744aa79f894359ff26d964ed6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4ccf5891bccf706398781f67e9218d7 |
| SHA1 | 127afb8f2a60977f7836fa2d4cc1e1249f3dd54b |
| SHA256 | c1e3b1b7111282cf1a0a360d5320582b1b5485306ef2853f2b3afa7221266924 |
| SHA512 | 48f9aa55a784830fc5e280d7e839d09204b7df049e43253eb4326f7296b3a4ceeaea4fa9af35116deb32985b5c0c9c0d122afc609e310dfd95162c16044e318c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ed92298e260d41d416c159afef5789a |
| SHA1 | eb5c500e683e45f7ca6ecbbef2f36f9645cdbbbc |
| SHA256 | 8f3b49feec266b200b44ed1ab9230e869ef89e372f016078f22529d18d117bd9 |
| SHA512 | 8d2a4bdf8afe5066eec9f8cba2704d4ffb364d3aff8e44e600472d99f816575af3a8f1783b27fcfa05eff334b7d829ac7363a3e92d740deee94af5ca9e96a2ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4a38093e8dfaa868ece378c3cc55217 |
| SHA1 | bea221a68cd728c75db48e786b2b37abe49f910e |
| SHA256 | 9f44c8ff2a476c1bcf166dd03307fdfa943fbf8fbf663eaa322a1d37c6b5c322 |
| SHA512 | c861bc389fa7ab0d428e4b7d043a7781f021f0feb72b90121d173f4e0c9bd90a4402f874b6186b94ddb1290985e3f31bc413d9c8ad04cf61d54b53d7435a5487 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b93dfadb0e7777b731a3acaae2a79c5a |
| SHA1 | 2cd47e0bd9f461bd2c843912bba829a6d759d95f |
| SHA256 | 2c8d8b77003720d6c8a69ca68b5a3ad9fedcea682ac1ff2d31491d375436c91f |
| SHA512 | 27aac92ae5bb7b5e2f7f99bf0a607ff59a7ecf19a4dadd5ac09b1703e9a681a68bb5fa0f2431d9b0f4f1749622052b25e260737e579dec40fc07443f853c29f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b7d21d92869222f6c092525c1ab38dc |
| SHA1 | 3174198b56a16917db5d89b60647f8559d311fe6 |
| SHA256 | 2cf145ee1a689f1ca91078c3b0a2f3fab19fc327e8ba08b7cf5544d87cbbb685 |
| SHA512 | fb9c8bf69f5e8937b0eea2b7ef73df4633a022b85200a74398639194a0510c97d00cd1d961dcfccf6b84e29e323ea109e9a61646d258ba27f4aa553e4d4900de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca31a66f63709fd598d6665664451f24 |
| SHA1 | 528d286aa834253246e63146424cc2c2c4b1408f |
| SHA256 | ae78b7c850063387c07d0b6eb63bf8a31141514c3b3f7f864a86787869630428 |
| SHA512 | 7ad014a4b358d72b2f500e5d91a1654cb1261140565ee0c30525ce75c370c8c2492ea6e433f93dd793fd9c9b70d15aab6f011ded047b4c8617a6f720485e260f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 839daabc44ec3ba9220358798d2e1251 |
| SHA1 | 700bd219c22be1ed68aa98b2cd1b394cefa6408f |
| SHA256 | 85cacbf02a4f5aa8908192becf4a32f7fe79206309eb661bf2ae191be4397d7b |
| SHA512 | fcf2f84b85728bc3b884ec654772b601b460a4f11611006763177a2e03342f8099d101cb64def46776b71d504d2397725c3aed21f8896c208516f6216c31187f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6e3fce51f5d24dd4dd5b063f184bc48 |
| SHA1 | d7e40acba2fc89ffcd41af7adcd3175f062ed35e |
| SHA256 | dbcdae745c9f1e203fbab6838a1e85898088f938ee71de07bbaf344d003b683e |
| SHA512 | 5c3b84e5f182dca2e7236e846e7f0ef5c62fca0503755e133feed3f30502b9494d8a8f5e8f5e24d3b81d26934a9dc7edebde391bc4ab4d7138f734363b0fb131 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19fb20610d4ea625741a65945343049b |
| SHA1 | ac402d844fa7823aab4dadf56748a818b24b13ee |
| SHA256 | 5cca5baa6e8a2894876815132a9be7178e6cf7adf87d9d8babc49ff9cd44a2d6 |
| SHA512 | 7c9ac3b6054f871e41976ac17693292cf62db45c93f1f20edaca7710195b3b9911b35d8c667d1f6141fcaee4ae6e711450bb912777903b0ada1f30a13d7ff960 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9768840c4d12dde96a4788b0b87bc499 |
| SHA1 | feeb61a0138caddfc0e86d3ef63d0bfac7ba3d60 |
| SHA256 | ee6cdc6660377676c6736d5d19228b4d5e32bc58d1fb2102e8ff788c2c8f1c1f |
| SHA512 | 16a5a7e6ecc2827730f1ead3b539ad0c518606cd3eff07d809bef1df9c7d3bb89800d9a9bbd927e47b5f32d082cc5d839ee91946bb02a7b8cc8373b4b1b086ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e340da22356e677fe8b458880faa0c3 |
| SHA1 | d04b874faaf9049225174bd974f4c6c4823036ca |
| SHA256 | 1a3fa6b4778f62576845b9d2fc432018c671bd6b5bad026d94d27fccfd173aa3 |
| SHA512 | 87a70c89d6e78c28822321a8cb9dda311df24ae6d80f186ddbb2ed0da52f5a45a4b32c81db321ab61311648bf7627d185e32a5f871aa55bcc2cdb0ccb84b43f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ba4f1e30f126e7cfac0a952f470c7bb |
| SHA1 | 0745049e1395cabe779f3f21ab409de1cdc0d60e |
| SHA256 | 0bed5921c532622e6d8b8a7559cb0acb1dc88136760aa61e0f39226c34d52e49 |
| SHA512 | a1884ea6390c7be004cace8e956526e7fbf1dfb98680d744724c80560959311f6f27b983630cf6921dc36827ec1ea8e65d290b5e524b3afac9ca9ac84199311a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bbb2d8e30e6c9532125f700f3a54907a |
| SHA1 | e12d5151ef1104405960b08f7c746d7453e563c7 |
| SHA256 | 5fbfed4a6fc64a168b7d0f13a3a3f3438942fed54ba110a0d6ee3290a88c5a06 |
| SHA512 | eb6ba0c8e2c4be8f998508b46fdf2da372e8775222a94de0207a03d9dd3eb02a74d0d6313e9611639f9aba6962b1c1f20d42aaa58ac602177f830a29632f3024 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 715890d73d14ec658c72d1a17ef30495 |
| SHA1 | 17743e0080608092a8b6de034e7e391104f55ca2 |
| SHA256 | 81d7e66b05d294204e36bd9358ad0dae5b1fbdd7031336301b5393eff852c02d |
| SHA512 | b9d4c3285d41da04a69463e84158d3bf23c96fcfc1f17ea749a9059379daa5da4d691bdcb6d9d9aaa89ff60e0d366895169b09621d74259ccb3d76c6776e7e99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c415554b830fefc20be567292d339546 |
| SHA1 | af086e9fb570451c71dc19c3b559eae77259d59a |
| SHA256 | bccd4480666b458125cc3da5034d9f1f8d34d9084c524b877dff7537d733f26d |
| SHA512 | d1def084a416ef001c30811a0b762a41277b894d709738328e0f6c3e8c7b671e01ff55ef3098926d8abf1f624de9b63b4097a095300c6c6be9758c3cec6ea863 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6f0cdd9d7144a6b4983252a8b4b786e |
| SHA1 | 28d761b80279c3269e6a32a3610745831d5a41ca |
| SHA256 | c47aa8f6c5c522d72cf1d1bad378b8980584338cd373f36c0883fb36b83c6329 |
| SHA512 | 87720a2a52005510a25a2c8dd675b81cf0319d5919dea3a0e34579125d1ac11596285e9f7a5f3989b112b2081cc8150ea5075741cac6eeefa4a6ce1daefd3ab3 |