Analysis Overview
SHA256
56ba3f9a1405b93f03991a5a2913295cc58edfe5bb705ea68d74b13cb19bb476
Threat Level: No (potentially) malicious behavior was detected
The file a5ebdf830b468dd64b50b82eb558fa0c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:02
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:02
Reported
2024-06-13 14:05
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
127s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5ebdf830b468dd64b50b82eb558fa0c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd179146f8,0x7ffd17914708,0x7ffd17914718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11950082989282536761,6409166872593275302,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11950082989282536761,6409166872593275302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11950082989282536761,6409166872593275302,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11950082989282536761,6409166872593275302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11950082989282536761,6409166872593275302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11950082989282536761,6409166872593275302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11950082989282536761,6409166872593275302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11950082989282536761,6409166872593275302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11950082989282536761,6409166872593275302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11950082989282536761,6409166872593275302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11950082989282536761,6409166872593275302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11950082989282536761,6409166872593275302,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
\??\pipe\LOCAL\crashpad_2624_EIRHJGEFLPPUCPYI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3f245ea863224a3bc9b3a5092accc344 |
| SHA1 | a2465c6d466830ecd94cb0cfe86762b09c4aeb87 |
| SHA256 | 53f733fe6a5af3b3b50ca2c6cd93d5b193bd915c899e3cf0aabe8b4eaf7c954d |
| SHA512 | 85f9062c02becb1af50f200d3e049b625fcb8f65c85a6865cbe87aeaa7f0705da0aeac6179f29244ff2f6774a62cfdbfac50cbde7819757deba7752260c8a08e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4e0ae2b476fcba23530a9ed9054e55c7 |
| SHA1 | b6d9646a42a163d5830ce0bb59e758e5d7e74ff6 |
| SHA256 | 927cc641fb9ae963919f48a9d7a89aabeef44eee272129c938234978c9b1d3ed |
| SHA512 | b2e0807f6927e8d368528d578879c12fe000d82dc80336cf724843feb9b0590107fbd6c8defdda792d7f817928acacb039c7c0fc66adc9fbac57c0af31d999df |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:02
Reported
2024-06-13 14:05
Platform
win7-20240611-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000002b6c8b3e3777cf01651aafe9046a6673c86adb174300f8642e69dda94c947fb4000000000e80000000020000200000009bf685a02f9d3a18442d38b405f37356becd84cba93a9ff030ceee3e58936eb320000000148bd2b5db1ace074b7b73c1e94704bb3f1bc4afd55a574033af6c6ada97356840000000cf62560f4bb94d4e6ca263b3eb18f7c5d4db4fc0a3b698930d45b5c60e71f5b539f2688d3a76d6cdaf95cc7641f74282345c199bb244cbf71a65018c9b1a025b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A12B5591-298D-11EF-820E-FE0070C7CB2B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449242" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70d8c6759abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000a2c558024c711d36e1834ae6fdce88ead0283bbd6bf9b1fc097b1aa1e496b389000000000e80000000020000200000004451a9a4072ee2239414770e87b8f4f30d8b4867e13c9c34ef69a4e2f2e426e790000000213b9339ad1e76541e1bdb3f61f6faf56767d445d3d4dceec74c0f96ba308e9935496591ccf439c91bed61168158533a518c347ee4c370e7a0019bbcc2b8f25d127a660e5427a61ada494ca452844cb0ed9e5e72ced7f138ada21c38f667b613fdad98adc4a7a39cd21d86627dfc0a7cad0ce22b3ad37b5ccf4cdf4064480a3f72a4394019f0584f4656319684c4e44940000000106cb91ef74b9a45877fccbe9503ef158bc71bfce80bcae0f19b01812ef3989b1401fc0c0d908c86993c7fb99dadd47a329db61bb07b4423fad158c7f61810ba | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1244 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1244 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1244 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1244 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5ebdf830b468dd64b50b82eb558fa0c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab29E0.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f94aadae467f5ef7ed3dc9648fb4045 |
| SHA1 | f4c90cf100aa2a2060023c86e1698399a37a4237 |
| SHA256 | 5830aa989a48a9a0cd2e67988a9083f6f940522c4a4c4ca6ac7e5e5389dda35b |
| SHA512 | 3038766767f163a0f8b38402f9457303d3bfa7d3d0c0820e593ba619afe1c0e4cb77319af515cea05b22c9832db8ede9a88f1f5879fa20e5598f6a9140b8816f |
C:\Users\Admin\AppData\Local\Temp\Tar2AB3.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 188ea58f388b077a41f7267f0b40410c |
| SHA1 | a3d924b7e330e0e87f49ff38cf1fb73232aaa5d6 |
| SHA256 | f64b9a6f88ac56e7eda0931f8fa9172f210b44258b8bf8cf7dcc09d06db30a69 |
| SHA512 | 9930b53cf0f725bc2ea80b5ecd4a54763e80012f5c9b3206f9dcc27b1cde0ecbfd92b34cef41e39375ae08a8888c5ce2804db96c5c7daf3b843f596265f92a5d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71c8d9f7cd9b923b4e5f6c282c3b0767 |
| SHA1 | b57c8c47e290e06a128bdb74436749632eaa9e75 |
| SHA256 | 4ca2178333f9f49e4a109f90bb53901614c8cf4c8d11f5924a82ff848ac2f669 |
| SHA512 | 17135142060dc01494ed7e6088fa18a929f200665a9f2243ffd0a3ba195516f467bb81e03acd130dfbc7e91f7a5fedffa3da51762e4f7284452920a289b0b3fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 241fc53987b98a6be084b9f3082b93fe |
| SHA1 | ca34e064e662d2cc53b8221abacf7ed9d0bc1890 |
| SHA256 | 75bff52f08c750802e65a91ae8d29cd184e3124d81cc6b7cf0fec43b38066374 |
| SHA512 | 9b0ceca56ca0c56fd9b98f5b777a082488c528ac721d40a8e8ab5e3bc3965072d4ea038e1f5605aa429bf7c51f48f5214d2619306c3b6a235974f7748746f576 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c1b2b2a57e1a92c226e29e9cf6f3ae2 |
| SHA1 | f42d66545adf3b1ec3bc02d6808be3c3c7b8236c |
| SHA256 | e62f9db1638121318ccd09ddd8023c4d9193e0f039e3f2f465ef0b544be11cf0 |
| SHA512 | b07c2100cb849e8751764998de8f7ed7b643e6c606b8b6d7480e2fc8e4a73dfca03053b3ce9ac0df72cd367f7d1f16561c8eb73a5d86f814cf1d627858741da3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4c2ed30c652e5e835fa31af312890db |
| SHA1 | 4a415aeb09a3c54405b1ff96fd4478e707aa68e3 |
| SHA256 | 1fc2fced63ea561d9c58386df250a27579c87ab42a4e5859c8d7c42422e65c16 |
| SHA512 | 8d334af9dbd4bb4394a4e37736b615c246fbb831acecd18f4b161e9f7524868e946f2fb6ef26a6821336757032d6a061921e09569a6cbba3be77d47686f17b73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d608835931576f40b505a496644f4523 |
| SHA1 | c8768fa7b149912e466883155fced22c15deb759 |
| SHA256 | bcf221c75e58e231b0579d11de5ee8e9c1231d8f879669370d89c2b774a27801 |
| SHA512 | 0467faf85da7f2e072fed7285aaf747231f257ba9e6c53268a5659bd34aa869fdcb73e5d2352417f5278329f2f62b81a0af9f63624e1e2c3863f263fd8474e03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba55e09349cdbb513ef6d27e82be9bdc |
| SHA1 | 7e313dd9a70cc87f8881fa2a5fd4a8ac9efeb25e |
| SHA256 | 6c58f3595a09bedfb0781311bece3945ed354f7b4d5169eafaa41422ff23cbd3 |
| SHA512 | e2571f0b63e300f238772cff385d4e8d01e4b3f06da6bafafc6b9e9178883448ed08974c8e93206a3c667dd57e68547e566a450e55efcfa1027adcf128b4fae8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a20b5b78f5a5fb3a3ff540a47e105e2 |
| SHA1 | 0934ac38b0665dd96adcabada23008892d4d464f |
| SHA256 | 78de59200f7d55f88632574fa9d9f020d4fa8e7e5143ccf84c75e851350e1f48 |
| SHA512 | d5cc7482987996caaa8855fe2cd111a36f9e14fe1d8998e98d02c6dcc90194f2c88fd0b53b13503b505522766f53047ac8d6bb178dff62cc68c10f91326c82b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab77ed0df21dd6880dcac5e0e43a9815 |
| SHA1 | 634d16e0c636a236ffb05a27b748fdc4636f6fe2 |
| SHA256 | 812ad13e3274b560eec32b86f26ae5857c04ae2e03456b2b6cdc316773d752ea |
| SHA512 | f65bb80c6cb9aa8af1f263e939ee98ded442b423595736f8f93ff43565d246cce4e5cd8e06ad650a7c2ce82adbdad99423c92f5972b6a7f2db71ae3843fe9cd6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df000ee1a0a77caf95ee0111fe2399bb |
| SHA1 | 935e798b056ab0a6f9897d1bdedeece38abc66e1 |
| SHA256 | 7407499b333ef753ced50aee2f01988604821f766e1c701eeccae8f58a881f5c |
| SHA512 | f2081854fad642a702d86b173f598d2cecc67bc5573a3815229951ebfbfaf024dd595e1312d6e08e79c247629fa6d87a00ebfa81192c9b5b7b26dfb06e85983a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 41fd953db336030490a1c2f063c6f7d4 |
| SHA1 | 5adc54e19b8d7f7a21fefd38206eda8e1a721b31 |
| SHA256 | 496ab4fca6a983444ab624254d6c50ba138a651a61fce291498644997f27cbb7 |
| SHA512 | 94657ed9c38da00183c7fb0c119dbdd9a6a03177094b37777d780d962cba1a6bf13074e1ab7d9389eba134997963ec73060b9c192819f68b11e12b17a862ba3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05b115776a905bd7136bde8c0922276f |
| SHA1 | 2677d5b991245cd03bacf60ae867e71f3d1b7ba3 |
| SHA256 | dd4323c2b38489b88c27943df5483d09b4094a20994495e302940bf568429260 |
| SHA512 | 485ad06bfcb416d5bac34fa4cf8f4fbe1c0f2e3ead1331a45d778f7cb67cc2d61d2c9379e71ca84e2ce8eaab98f332ebde0e661d6b64f8bce41a27fd48671932 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e835483bba4640747fe8e414190f7b3f |
| SHA1 | 2eec431c177c1f68ee9bcb573a11ce5dfef9583c |
| SHA256 | f50bd5a79f6f95ff3b0883fc908971700f3a78528d3165b6312e1cb2952f99d5 |
| SHA512 | 549335f3ab6c809692a88d72f3518735251f28a132e9b5f34dcc419d12893f03832f580b519a79e902209dda60e3a2f93ca3cbd50e3833f21cce5ea585bd2d85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d51cd56cdaa2c3d70dcde990827f2c1b |
| SHA1 | 05a7868ccc1cfe7749bb3a9d93e88ed196712d4e |
| SHA256 | 5c04ec26b073821f81209cd26f51a4db96291149b6544b4b532e378cba0efc28 |
| SHA512 | 7b151a803f9ee287900c60909072309c0ee04b44a5de7125ef75cf17cc79fdaef9726ab7c1429c731041141944d490ce587a12a132259d835abeadf45df5760c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a494ca5a394008358a9ea84080279e15 |
| SHA1 | 6ba762a0d4849158565376132489ba22bd53ebf6 |
| SHA256 | 9ccc0276dba6469341a8ca4b86025ac0f05fdfaa33b99a4f87b55aa52ae0b41d |
| SHA512 | 8ff47581c9d4ab9368af42275b1993e39709ddf4c856190deaed581af0b1e9f50f9bf4c2ae9355cf2b71f464ec7ce3827ab33892616612c628c08276666dcda1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0a23ab147f6a117a59ed95e777e4a46 |
| SHA1 | 71f4426554959db814eab418df2ac80f65da2a58 |
| SHA256 | d98a90711571776cf6cd37215a7751800b53410c83f0a7725ceae241e05efcad |
| SHA512 | 8d11c8446c1eaba92dea81e378f434778c42cafdc8096f82963bd216477dc51a57e7d7f78c20ab385bd8daacc402093665abb11b75145370180fbc4e4120c6ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 317e576c584871ba847d4c693f028643 |
| SHA1 | 9d9e5fb9f2837c29a26860c2371661c311b7a42f |
| SHA256 | 43fd17ff1d0ded543f1f2a25f0b363a6303c861110a42995e48c244e97e4dfdf |
| SHA512 | 06ad05ec667a70e22f121872123dea7d424c848fa2ce3b69b87b97708dadb20d44b193642b7508e56816a5255594ec6fee2f86e99035d2c3fa66d7a02292f349 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 229bf56839b1a783a04300f9880c2344 |
| SHA1 | e9483247809d477d5b4d2170038408970f54eddd |
| SHA256 | f1d869f503d9027143d7936829dc3db3cab55196151933ece85daff412dbdf96 |
| SHA512 | 738e8b541e14efaf7b94be821aa17c9f172103b75cf8f20da4b630649c59bf0599846a63c8a9bdde82b01cdde6f4e1b9523b0bcb4642b553ba9a5c025496e41a |