Analysis Overview
SHA256
bce6aebc1f5aa53077e40f99c2206bb4bcacd3bdd67c2e3f182328fd08530985
Threat Level: Likely benign
The file a9044ed64d415f41fa9604c66c1c9635_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected phishing page
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 09:41
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 09:41
Reported
2024-06-14 09:44
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a9044ed64d415f41fa9604c66c1c9635_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4332,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=1600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3412,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5296,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5360,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5332,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5900,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=6212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6260,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5788,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:8
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 09:41
Reported
2024-06-14 09:44
Platform
win7-20240611-en
Max time kernel
118s
Max time network
127s
Command Line
Signatures
Detected phishing page
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424519986" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{57EB0471-2A32-11EF-A13C-DEB4B2C1951C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00425f2f3fbeda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted from report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000008e931f5961d80c64c5743f397947d480e97bf7cd9a1dc5545f3d106024af10eb000000000e8000000002000020000000847d71ee780df2197de75fd9d831db805793dee7aa886dcc66ae09be17bcba692000000073c532fae95ac6587a35408fd9d35944398dec5ae7859ea29a5d66a4da11544140000000f91fb5abc7b33115bb3e7414a95840b056afe8838fc97dec13938232d5efd08afe9dd95db074195d6a77a0642f962f2b7038fe3a4ddbab6041e1df5011e98c06 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1856 wrote to memory of 2956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1856 wrote to memory of 2956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1856 wrote to memory of 2956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1856 wrote to memory of 2956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a9044ed64d415f41fa9604c66c1c9635_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1856 CREDAT:275457 /prefetch:2
Network
Files