Analysis Overview
SHA256
7c858818283adb703aaf14b12690192c66e00a5a7f5c85de9abf416c276cf87d
Threat Level: No (potentially) malicious behavior was detected
The file a5bc0d2373b83cce15901c0eccdb8e18_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:16
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:16
Reported
2024-06-13 13:19
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5bc0d2373b83cce15901c0eccdb8e18_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff488146f8,0x7fff48814708,0x7fff48814718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1717431742300333372,9722395007084649521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1717431742300333372,9722395007084649521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1717431742300333372,9722395007084649521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1717431742300333372,9722395007084649521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1717431742300333372,9722395007084649521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1717431742300333372,9722395007084649521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1717431742300333372,9722395007084649521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1717431742300333372,9722395007084649521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1717431742300333372,9722395007084649521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1717431742300333372,9722395007084649521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1717431742300333372,9722395007084649521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1717431742300333372,9722395007084649521,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4276 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s95.cnzz.com | udp |
| US | 8.8.8.8:53 | cpro.baidustatic.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2544_EJWIZSDVJFTWEYQL
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:16
Reported
2024-06-13 13:19
Platform
win7-20240611-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424446473" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c004f51c94bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2EC73E21-2987-11EF-9302-CE03E2754020} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000a941609ff6270329f1a3d3c584bce7eb6b97aff334df332128be9990edbc2fe9000000000e80000000020000200000005b43e3e5cca9630ce457fb001957e31068a216d6dea81ffb2874e0853840125f200000005778d031fdbf78fd304d4bca3c6f81382f50655c3e745040ab95f1067f4641054000000096cbdc13dc07501467c1f2f344dcb00560c18bf2e982e17847fe38911c9a02d85b4963fbd6d27fa67b3b163644df2298719a2e4be14a28a8cdb53f1f5dd718a9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2468 wrote to memory of 1724 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2468 wrote to memory of 1724 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2468 wrote to memory of 1724 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2468 wrote to memory of 1724 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5bc0d2373b83cce15901c0eccdb8e18_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s95.cnzz.com | udp |
| US | 8.8.8.8:53 | cpro.baidustatic.com | udp |
| CN | 220.185.168.234:80 | s95.cnzz.com | tcp |
| CN | 220.185.168.234:80 | s95.cnzz.com | tcp |
| CN | 220.169.152.35:80 | cpro.baidustatic.com | tcp |
| CN | 220.169.152.35:80 | cpro.baidustatic.com | tcp |
| CN | 220.185.168.234:80 | s95.cnzz.com | tcp |
| CN | 220.169.152.35:80 | cpro.baidustatic.com | tcp |
| CN | 220.169.152.35:80 | cpro.baidustatic.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabD828.tmp
C:\Users\Admin\AppData\Local\Temp\TarD8E7.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015