Analysis Overview
SHA256
a63848c40ad8d8e25e35724ddcc7351e180abb7f25b0346dadb93bc9c6e0ae74
Threat Level: No (potentially) malicious behavior was detected
The file a5d15a29f4ae187dab500ff300a67ae2_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:35
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:35
Reported
2024-06-13 13:38
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d15a29f4ae187dab500ff300a67ae2_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6f0146f8,0x7ffc6f014708,0x7ffc6f014718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8538094574808366863,14024258582246353407,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8538094574808366863,14024258582246353407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8538094574808366863,14024258582246353407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8538094574808366863,14024258582246353407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8538094574808366863,14024258582246353407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8538094574808366863,14024258582246353407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8538094574808366863,14024258582246353407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8538094574808366863,14024258582246353407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8538094574808366863,14024258582246353407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8538094574808366863,14024258582246353407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8538094574808366863,14024258582246353407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8538094574808366863,14024258582246353407,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.tratancuongthainguyen.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.tratancuongthainguyen.com | udp |
| US | 8.8.8.8:53 | www.tratancuongthainguyen.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_2708_SVZYXEJBAADACVAJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9060dfd1a858f5078026a5a53391aff3 |
| SHA1 | af01cb8bad679370cba2dc294aa2081def89622f |
| SHA256 | 67d496b734355fa3d095cad8bfbb3512d60c32a9748b06e1c38aeac3fbaff475 |
| SHA512 | ecb60f3363e6dca7d3de3bd21e0e19b309e8281b53a0ef0492d77899dcc4efeffca9b70153109f0d21451910bf56e5cd4822c41d8937454b7aa4497a01316258 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 903527b417742999d1ba5cadcdc9b90d |
| SHA1 | 18c9e4d0bb6d845a39127bb85abd0cd55c96af9c |
| SHA256 | 4b6d132bad153ddb2b6d4f5436e54fbb028d86a4ca8f7c0ff5f831f72b9312c4 |
| SHA512 | bee288ade9c7bf2d4d39a66ce1acbe2f95746301a2e30ec2795d9460239c165dada04543e9010e21558ee0aacef9152672319bf7bbe9b638800f97762c6ce2fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bbd32d6e31ec5499a043e817a0a15add |
| SHA1 | f5b5472f9d6859787bad1bd7314c46f363c2f073 |
| SHA256 | 85ee2933816396bfd4f7af307c59d0fe035ee3d17f6ad9f6e1794bdbe81175f6 |
| SHA512 | f209137cf6fdcc29db90b9f6231d296e4486b4785a468c43abf3e689c31d1547597be643e342b245aadcae0120cbff4ebdf86d6ebb2ee8dc2202bf517c73ce9e |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:35
Reported
2024-06-13 13:38
Platform
win7-20240611-en
Max time kernel
141s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000c3f43f8882140581a96e9b4715cda0c688273bc9f8c75aaed0680d742204b883000000000e8000000002000020000000c27e17760966a56e8b46fadd299ed9561e249055e26a7093494c1b98051530cf20000000a794c87e715b8f2c367a511fe0165863ce333ee6b1da27b3b2ad748a521aaeec400000008c7612a2cb8e07a1a9203b1408ea9e632be0d50a3e65b243e6ff7342e201e02b02b1c9ba97bc930336f02c577b46555c871f7f9c730d76865ad1bc879b375b3e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D5A27961-2989-11EF-AAA1-627D7EE66EFE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10808eb596bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447612" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2372 wrote to memory of 1936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 1936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 1936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 1936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d15a29f4ae187dab500ff300a67ae2_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.tratancuongthainguyen.com | udp |
| VN | 103.97.124.167:80 | www.tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | www.tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | www.tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | www.tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | www.tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | www.tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | www.tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | www.tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | www.tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | www.tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | www.tratancuongthainguyen.com | tcp |
| US | 8.8.8.8:53 | tratancuongthainguyen.com | udp |
| VN | 103.97.124.167:80 | tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | tratancuongthainguyen.com | tcp |
| VN | 103.97.124.167:80 | tratancuongthainguyen.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab6F68.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 600aec8159f4e26d20b9a6bd797bc61c |
| SHA1 | 6335f3b0bf714f7ba6aedda425588f60a0b2af63 |
| SHA256 | 6b1b9a515507f418f46e622a1912878f0dd0e9ecc49fb974ac024a8199710acc |
| SHA512 | b7c9dde25a1513cc76f62ab4544544e58becf4dbf345386e4bef7d8c37bb4e19f2b9ca54294c643472007fc3132ab203a180d82224b9edbe5cfafb5c591d1ee5 |
C:\Users\Admin\AppData\Local\Temp\Tar703B.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7724b1712ad1a0db878d536a6187a7e |
| SHA1 | fc07ccfaa3d1daa80cd269be7de1590d4ed8e45b |
| SHA256 | 689805f66bc22b4a8382013c84a4dfa8f1dbf3f4b6139048d72c5dd01fc12a61 |
| SHA512 | 51c216c561eb7393d516e0ad46302bae0f0671b25f6bf725765dffe5da0b2f28a69dda46261f3b62b28947fb8d1315128df3dd3ce157eb0b5a0a5643170bb49b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7b50071db8d69097478d0011ad2ab21 |
| SHA1 | 9981b00f17cbf5765e3b3519a0234845689caec2 |
| SHA256 | 822bee44d1ce8f5e9c5abe8a56d077da4534c72b5d6cd6263724e3048fd52e89 |
| SHA512 | 80d485ceb070033b7f3a6fc9fc3af859a96b49586b7214868f9a5621377d7e9a0a400ed2a8bbc33460714fc51fb3db6f314b65b4ce18143b56f1ea5ac8f98607 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e515fdbab88d1345904e9f543736775 |
| SHA1 | cd7b490269edd7c190a874d8c34b83e6b050a89c |
| SHA256 | 3a52db11536345e749916a8cc5b2bcabbffcae2bb9e7205639e7797b961b770e |
| SHA512 | 062ff076c30521320968b77292db012b30cad3f2cfd6e375faab0302d8ba4db466db6229f344a8eea3fb57868682c613936351efd0b4be61a65ff295886ae453 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d0ea9bd18319be0b21b84a72186242d |
| SHA1 | 9a8426f6624313841f8d18e0fa30f5c0850adceb |
| SHA256 | d575f7c0a3ded1d67bf1c521d94f4f0c10b087302a1c99d7c9a2fb6b1f9fb969 |
| SHA512 | f6e30c1364b1e333c9be392500be3b8bd5ea6edb5a7d9443f9d15a881cdddb6a80cd3e2a655752f6306fae8ab1125c39dfc3cc62f04c8efba40e2463568c4ecb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 934dafd91778143b512c2a8f25298348 |
| SHA1 | 73b85423683be548d216ced4b2cb0cfc51be6a34 |
| SHA256 | f044749df0790ec73dd612a5dafe766f2037d37c89500c6c8c81dfd29cf90432 |
| SHA512 | 9a264c96f6a5a5e7674aec1c0b2290f7500aabcff68d4b0f60542d6df6fbff2677d1265b1eaa114f99b164b207c89879d9087940636a661a448e7b9a001d33b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d4cbad6e70221653e514ce278e292df |
| SHA1 | d3e4ce4173efcfdef49e82388e859a6f50a9f6f8 |
| SHA256 | a85fa68991b3fc1e07d71efcecb29df60e6dd5d7f9131fbac9f2fa941797e6cf |
| SHA512 | 8901666665b9589a9a1d239e2cf143769f6027d507475e80247b3f4083f374be8310df23486cec87e946dd8aa512412f7429b225a4562a2eea56a193f4587558 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10f845c5befd49933680166922938bc0 |
| SHA1 | a825d71c2821bec896a51aca2bd3875375391cba |
| SHA256 | 68d3df5ff2df974b6706793be885e875b0ab7a7db2b592d59b11ff4d31dd298d |
| SHA512 | 599b13b9705b4a9f2c00b66d474df98881e5925f73bd4be07cf26dee768ef72d46993bd9a6b778f73a66a5a81ea127edf43515aef3b22716cfdc0d95c713d52b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7635ccae31c77b94e546aeeff5957745 |
| SHA1 | 57dd72089ca82d9d2fd92531df3599c1f863127d |
| SHA256 | 7a9478dde73aa241fbfd88e31c50a6fcde0721f4a52f25b24ab388556f02c4d3 |
| SHA512 | 0e8d31c208349d878ee0936f5f1b6f0524f5c5a98e9f3dbde3762529857d2a55e4fbc489f208036d66fed538aacfe0a4abdc68f59f892e465ce5e733a67e0941 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c01e1f811a8d353e201ff9dcb4938aab |
| SHA1 | 8697bef60faa544d7084d18ee41793c618218d52 |
| SHA256 | 435eff2989354fa26f89698c2105b2cee1f82ed5470997b04e4b5f9032e92cae |
| SHA512 | a476f6e57f2c5ea243d188c2d04cfe0b5bdb79d3068bf71bc5f0ebd691a0273b975ac104eb830d7b98812fc12239cc8288db88d062bf666fca14e20f5f787a54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2a326396f1060d07edaf88b794bd228 |
| SHA1 | d9b86f2593b14487a6cc9a925ae9c38c329b879a |
| SHA256 | 52483e3cbd7065760be3be13142c49d95fffa27c33b772b1142f12dad1c6dfd0 |
| SHA512 | b5b90f8b7b4ba05cccdbef57a663609426ec2872eec560995a6a90317085e74e937456ed3254ae49384d2183d8abaa2cf91f62a4d19969f0a8db7c08d4330e90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a78c92b8cc7596c5575d3ed8bafc4ed |
| SHA1 | f6aed512d13e570a63669a2938332eb5f4644cfa |
| SHA256 | 5a8a7325f73a5d2900f221d7b0ab8c62bd6f74379460ab181b1e20cb825eb4ff |
| SHA512 | 4b6ac874c852cde822968e7d89fe1c06dfa0cc195ddf84e5d38c33f192498239af55e1305bb1ffe67261fc305d46b8d8086e844cc7f5ebba4ae9512a5e103487 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ada8338336a83a8dcbacf0d40eb9f56 |
| SHA1 | 55eaae4383e8549d3817cd4655e081cc04fe4d1c |
| SHA256 | 42189cce097b79e8ba42d12382073e527c732239c446dc93bacd8daf35b81171 |
| SHA512 | e5501c17fc588fc041e5aeef9bd64004f93a66ce8cecde20b14e333c5cd9b3c9d686cd0b3a9649e8fb033b7dd0f1b9efb04bd419844277c82de3cc43f15bf086 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c7a11aabc7e5c0eecc411376d5fac5c |
| SHA1 | 47faec7b56c99acc4101f858edbe7e92c686dc24 |
| SHA256 | a3e847f0f1d1b3f4b0446922945a243adf849bddc910d719b37d6767d9b7baf8 |
| SHA512 | 8db9095d2609841e47f72976879c3123b52b971bf433a0ebfde875bb566c30df623763a2798b75a4e3c73b0b2e12ee560b4e99584320530521ee3d7fc53bb7ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 632dafa4876623e6636c19e0ef3a6889 |
| SHA1 | 4e7cbb5297220e799d46ab4b5f675982aee3c7d1 |
| SHA256 | 20718bf17fd86e376565ad9f391d0e477d05233a5cfca00555d534ecb40cc415 |
| SHA512 | b4a60d40ce52425a13db1e0a715ae6a456acdbf137a8dfd4593e22543858da12d4522d77d8c8a76e8ae731cc5ae0639aabb806398cb6bc836c569e4e54f4c688 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3989776cf5310b98322491fd0d44745f |
| SHA1 | ccd9b6c42e2aad667253fcb1691c608ed0937369 |
| SHA256 | b8cd7e5c71feb486d04af043adf9d2941032f8451abbb468b76394e970fa1237 |
| SHA512 | 1fe4414891917a23a45bf00996e37b9ae134cabd888edf21cc964784099333ebec40339590ae7cc4336ff59976eaff875e19ff35b0533dbab56f64b681ffc1a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3405fd902e8777c544ac4e6b925ad69e |
| SHA1 | e008f518787c69e1411699ceb439f2fd86bdab34 |
| SHA256 | b8642e9fb5eda36e8436651d90f76530ec87aa7cb9541449d3ebcea0ece54daa |
| SHA512 | 1b90e0fc12f60da0301b86aa781a826dccae7173d12aa5a90ecbe641dc32623cbe80f55afce3553d3cb808540355f66e41bf456d0b6fc68eee2f86c8be404168 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e20e41ba55c120b2741b21449930348 |
| SHA1 | 8582023ec4e198ab77c9d2791a671401feb1b50a |
| SHA256 | da3de45c179de4e7a05431c233b37389198a7e772e958f043bf2f7f832fe5583 |
| SHA512 | 34cb5a480cdefee000c6318bbbe573d61b170ed32c2335ca48e6ffe4036b2b519310feddc33153dc8b78dddd4ed42c531a0919de4b006ab520085c7b77993dec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8214e93464009dd4dca1d5480d5eb374 |
| SHA1 | 3ebfce3a9fbd2b28201cda0bb65c5bdf6dba938f |
| SHA256 | 3fbb25ce679f29d93305734193bab536c8e22c263894134907f28daf86b135c4 |
| SHA512 | a1bef8ea88c63a3b00620afd3204155d9ecc4b1c27d4c6c7320c62cc67358d45dd94b48d116a423ed7c7a3e66ab8d83943715684c3ace5fce99617c3df306647 |