Analysis
-
max time kernel
118s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system -
submitted
16-06-2024 08:51
Static task
static1
Behavioral task
behavioral1
Sample
b2a74bba7f14c6b0d76c8b98c09b0378_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
b2a74bba7f14c6b0d76c8b98c09b0378_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
b2a74bba7f14c6b0d76c8b98c09b0378_JaffaCakes118.html
-
Size
865KB
-
MD5
b2a74bba7f14c6b0d76c8b98c09b0378
-
SHA1
198d3b01ad13a6a3717d167cc7d06bf44cd362ce
-
SHA256
796fdb5393abde674ea897d31432e7e903e653e6426290530da1c37100378ebb
-
SHA512
5f41bc21942e6e5e798f6d714e2ad2844c436f1c4890811ea01ba08e7cf5f42fb4ceafe72ee5ef80148b305c72fdbbdd805e380b69293907d14b227ad83b9c2d
-
SSDEEP
12288:mf59nLYWAVZQ+9nLYWAVZQw49nLYWAVZQZ9nLYWAVZQtO:k9LYWAB9LYWAV49LYWAg9LYWA9
Malware Config
Signatures
-
Executes dropped EXE 4 IoCs
Processes:
  pid   process
  2736  svchost.exe
  2704  svchost.exe
  2856  svchost.exe
  2376  svchost.exe
-
Loads dropped DLL 8 IoCs
Processes:
  pid   process        events
  2100  IEXPLORE.EXE   8
-
YARA rule match: upx 9 IoCs
Processes:
  resource                                                                      yara_rule
  \Users\Admin\AppData\Local\Temp\svchost.exe                                   upx
  behavioral1/memory/2736-12-0x0000000000400000-0x000000000045B000-memory.dmp   upx
  behavioral1/memory/2736-9-0x0000000000400000-0x000000000045B000-memory.dmp    upx
  behavioral1/memory/2736-14-0x0000000000400000-0x000000000045B000-memory.dmp   upx
  behavioral1/memory/2704-24-0x0000000000400000-0x000000000045B000-memory.dmp   upx
  behavioral1/memory/2704-23-0x0000000000400000-0x000000000045B000-memory.dmp   upx
  behavioral1/memory/2704-28-0x0000000000400000-0x000000000045B000-memory.dmp   upx
  behavioral1/memory/2376-48-0x0000000000400000-0x000000000045B000-memory.dmp   upx
  behavioral1/memory/2736-49-0x0000000000400000-0x000000000045B000-memory.dmp   upx
-
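The rule name above says UPX-style packing, matched both on the dropped svchost.exe on disk and on its mapped image in memory; the dump names encode the mapped range 0x400000-0x45B000, i.e. an image of 0x5B000 bytes. The Python below is an added example of the check a triage analyst would run on the dropped file, not code from the report or from any sandbox product. It parses the PE section table, reports the two UPX indicators (default UPX section names, and a first section with no bytes on disk but a large virtual size, which is where the stub unpacks to), and derives the address span a full memory dump of the module would cover. The sample's bytes are not on this page, so the two PE images are constructed fixtures built by the block itself; the packed one is laid out to end at 0x5B000 like the dumps.

```python
import struct

# UPX's default section names.  The packer can be told to rename them, so a
# name match is an indicator, not proof; the raw-size heuristic below still
# catches renamed sections.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def _headers(pe: bytes):
    """Locate the COFF header, optional header and section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    return coff, opt, opt + opt_size, num_sections


def parse_sections(pe: bytes):
    """Return [(name, virtual_size, virtual_address, size_of_raw_data), ...]."""
    _, _, table, n = _headers(pe)
    out = []
    for i in range(n):
        off = table + 40 * i                       # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0")
        vsize, vaddr, rsize = struct.unpack_from("<III", pe, off + 8)
        out.append((name, vsize, vaddr, rsize))
    return out


def mapped_range(pe: bytes):
    """(ImageBase, ImageBase + aligned image size) for a PE32 file: the span a
    memory dump of the mapped module covers."""
    _, opt, _, _ = _headers(pe)
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled here")
    base, align = struct.unpack_from("<II", pe, opt + 28)  # ImageBase, SectionAlignment
    end = max(vaddr + vsize for _, vsize, vaddr, _ in parse_sections(pe))
    end = (end + align - 1) // align * align
    return base, base + end


def upx_indicators(pe: bytes) -> dict:
    sections = parse_sections(pe)
    names = [s[0] for s in sections]
    _, first_vsize, _, first_rsize = sections[0]
    return {
        "section_names": [n.decode("ascii", "replace") for n in names],
        # Any default UPX section name present.
        "upx_section_names": any(n in UPX_SECTION_NAMES for n in names),
        # Classic UPX layout: the first section occupies memory but has no
        # bytes on disk; the stub decompresses the original image into it.
        "empty_first_section": first_rsize == 0 and first_vsize > 0,
    }


def build_pe(sections, image_base=0x400000):
    """Assemble a minimal PE32 image from (name, vsize, vaddr, rsize) tuples.
    Test fixture only: just the header fields the parser above reads."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    opt = bytearray(224)                                  # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                 # Magic = PE32
    struct.pack_into("<II", opt, 28, image_base, 0x1000)  # ImageBase, SectionAlignment
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n, vs, va, rs, 0, 0, 0, 0, 0, 0x60000020)
        for n, vs, va, rs in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed fixtures, not bytes from the real sample.  PACKED_PE mirrors the
# layout the dumps imply: image base 0x400000, last section ending at 0x5B000.
PACKED_PE = build_pe([
    (b"UPX0", 0x3F000, 0x01000, 0x00000),
    (b"UPX1", 0x1A000, 0x40000, 0x19800),
    (b".rsrc", 0x1000, 0x5A000, 0x00600),
])
PLAIN_PE = build_pe([
    (b".text", 0x20000, 0x01000, 0x20000),
    (b".data", 0x04000, 0x21000, 0x02000),
    (b".rsrc", 0x01000, 0x25000, 0x00800),
])

if __name__ == "__main__":
    for label, img in (("packed", PACKED_PE), ("plain", PLAIN_PE)):
        print(label, upx_indicators(img), "mapped at %#x-%#x" % mapped_range(img))
```

Run against the real dropped file, replace the fixture with `open(path, "rb").read()`; a hit on either indicator is the cue to unpack (or take the in-memory dump the sandbox already produced) before looking at strings or imports, since the packed file's import table and strings belong to the UPX stub, not to the payload.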
Modifies Internet Explorer settings 46 IoCs
Processes:
  All keys below are under \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer, written as <IE>. Every entry is made by the browser processes themselves (iexplore.exe / IEXPLORE.EXE), not by the dropped svchost.exe; they are the keys IE touches on first run and when saving window state, so they are not indicators of the sample.
  description        ioc                                                                     process
  Key created        <IE>\DomainSuggestion                                                   iexplore.exe
  Key created        <IE>\Main                                                               IEXPLORE.EXE
  Set value (int)    <IE>\TabbedBrowsing\NTPFirstRun = "1"                                   iexplore.exe
  Key created        <IE>\GPU                                                                iexplore.exe
  Key created        <IE>\LowRegistry\DOMStorage                                             iexplore.exe
  Key created        <IE>\PageSetup                                                          iexplore.exe
  Set value (int)    <IE>\Recovery\PendingRecovery\AdminActive = "0"                         iexplore.exe
  Set value (data)   <IE>\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000   iexplore.exe
  Key created        <IE>\Main\WindowsSearch                                                 IEXPLORE.EXE
  Set value (str)    <IE>\Main\FullScreen = "no"                                             iexplore.exe
  Key created        <IE>\TabbedBrowsing                                                     iexplore.exe
  Key created        <IE>\TabbedBrowsing\NewTabPage                                          iexplore.exe
  Set value (data)   <IE>\TabbedBrowsing\NewTabPage\MFV = (value elided)                     iexplore.exe
  Key created        <IE>\IETld\LowMic                                                       iexplore.exe
  Key created        <IE>\Main                                                               IEXPLORE.EXE
  Set value (int)    <IE>\Recovery\PendingRecovery\AdminActive = "1"                         iexplore.exe
  Set value (data)   <IE>\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000   iexplore.exe
  Set value (data)   <IE>\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff6f00000019000000f50400007e020000   iexplore.exe
  Set value (data)   <IE>\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff19000000190000009f0400007e020000   iexplore.exe
  Key created        <IE>\SearchScopes                                                       iexplore.exe
  Set value (data)   <IE>\TabbedBrowsing\NewTabPage\LastProcessed = 30539166cabfda01        iexplore.exe
  Key created        <IE>\Main                                                               iexplore.exe
  Key created        <IE>\LowRegistry                                                        iexplore.exe
  Key created        <IE>\LowRegistry\DontShowMeThisDialogAgain                              iexplore.exe
  Set value (data)   <IE>\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000   iexplore.exe
  Key created        <IE>\Main                                                               IEXPLORE.EXE
  Key created        <IE>\Main                                                               IEXPLORE.EXE
  Key created        <IE>\Toolbar                                                            iexplore.exe
  Key created        <IE>\Toolbar\WebBrowser                                                 iexplore.exe
  Set value (int)    <IE>\Main\CompatibilityFlags = "0"                                      iexplore.exe
  Set value (str)    <IE>\Main\WindowsSearch\Version = "WS not running"                      iexplore.exe
  Set value (int)    <IE>\SearchScopes\DownloadRetries = "3"                                 iexplore.exe
  Key created        <IE>\Main                                                               IEXPLORE.EXE
  Set value (data)   <IE>\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff00000000000000008604000065020000   iexplore.exe
  Key created        <IE>\BrowserEmulation\LowMic                                            iexplore.exe
  Key created        <IE>\InternetRegistry                                                   iexplore.exe
  Key created        <IE>\Zoom                                                               iexplore.exe
  Key created        <IE>\Recovery\AdminActive                                               iexplore.exe
  Key created        <IE>\Main\WindowsSearch                                                 iexplore.exe
  Key created        <IE>\Recovery\PendingRecovery                                           iexplore.exe
  Set value (data)   <IE>\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000009328ca2ba4b7da242cd890e7bb6f007d35f06e2e018097a8a1572724a587d537000000000e80000000020000200000004ba8b61f3f9d25e24b7af7b1d5d5777c75b57d1503582cb9bfb17bfda61d570f2000000013eb08dfc09dbe8a26353bbdff5d6d0f14cde3f0d03eb10a63352e2b3676054f400000004c65b348f0dc3b2bcae5f1d5656c263443b05a589f5e39eb154ba4260660c928478dc6e1929bca26be62a7bdb9acc2e84667007392e3a2a668df27562cbf7bad   iexplore.exe
  Set value (int)    <IE>\DomainSuggestion\NextUpdateDate = "424689733"                      iexplore.exe
  Key created        <IE>\IntelliForms                                                       iexplore.exe
  Set value (int)    <IE>\Recovery\AdminActive\{919539C1-2BBD-11EF-B9DB-4A2B752F9250} = "0"  iexplore.exe
  Key created        <IE>\Main                                                               IEXPLORE.EXE
  Set value (str)    <IE>\Main\WindowsSearch\Version = "WS not running"                      IEXPLORE.EXE
-
Suspicious behavior: EnumeratesProcesses 32 IoCs
Processes:
  pid   process       events
  2736  svchost.exe   8
  2704  svchost.exe   8
  2856  svchost.exe   8
  2376  svchost.exe   8
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
  description               pid   process
  Token: SeDebugPrivilege   2736  svchost.exe
  Token: SeDebugPrivilege   2704  svchost.exe
  Token: SeDebugPrivilege   2856  svchost.exe
  Token: SeDebugPrivilege   2376  svchost.exe
-
Suspicious use of FindShellTrayWindow 9 IoCs
Processes:
  pid   process        events
  2020  iexplore.exe   9
-
Suspicious use of SetWindowsHookEx 38 IoCs
Processes:
  pid   process        events
  2020  iexplore.exe   18
  2100  IEXPLORE.EXE   6
  2580  IEXPLORE.EXE   2
  2628  IEXPLORE.EXE   2
  1992  IEXPLORE.EXE   2
  2052  IEXPLORE.EXE   2
  1676  IEXPLORE.EXE   6
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
  Each source/target pair was recorded 4 times; the 16 distinct pairs are listed once.
  pid   process         target pid   target process   events
  2020  iexplore.exe    2100         IEXPLORE.EXE     4
  2100  IEXPLORE.EXE    2736         svchost.exe      4
  2736  svchost.exe     2076         iexplore.exe     4
  2736  svchost.exe     2656         iexplore.exe     4
  2020  iexplore.exe    2628         IEXPLORE.EXE     4
  2020  iexplore.exe    2580         IEXPLORE.EXE     4
  2100  IEXPLORE.EXE    2704         svchost.exe      4
  2704  svchost.exe     3032         iexplore.exe     4
  2704  svchost.exe     2268         iexplore.exe     4
  2100  IEXPLORE.EXE    2856         svchost.exe      4
  2100  IEXPLORE.EXE    2376         svchost.exe      4
  2856  svchost.exe     2868         iexplore.exe     4
  2856  svchost.exe     2004         iexplore.exe     4
  2020  iexplore.exe    2052         IEXPLORE.EXE     4
  2376  svchost.exe     1296         iexplore.exe     4
  2376  svchost.exe     1980         iexplore.exe     4
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe  (PID 2020)
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b2a74bba7f14c6b0d76c8b98c09b0378_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  (PID 2100)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
      - Loads dropped DLL
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
        C:\Users\Admin\AppData\Local\Temp\svchost.exe  (PID 2736)
          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken
          - Suspicious use of WriteProcessMemory
            C:\Program Files\Internet Explorer\iexplore.exe  (PID 2076)
              "C:\Program Files\Internet Explorer\iexplore.exe"
            C:\Program Files\Internet Explorer\iexplore.exe  (PID 2656)
              "C:\Program Files\Internet Explorer\iexplore.exe"
        C:\Users\Admin\AppData\Local\Temp\svchost.exe  (PID 2704)
          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken
          - Suspicious use of WriteProcessMemory
            C:\Program Files\Internet Explorer\iexplore.exe  (PID 3032)
              "C:\Program Files\Internet Explorer\iexplore.exe"
            C:\Program Files\Internet Explorer\iexplore.exe  (PID 2268)
              "C:\Program Files\Internet Explorer\iexplore.exe"
        C:\Users\Admin\AppData\Local\Temp\svchost.exe  (PID 2856)
          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken
          - Suspicious use of WriteProcessMemory
            C:\Program Files\Internet Explorer\iexplore.exe  (PID 2868)
              "C:\Program Files\Internet Explorer\iexplore.exe"
            C:\Program Files\Internet Explorer\iexplore.exe  (PID 2004)
              "C:\Program Files\Internet Explorer\iexplore.exe"
        C:\Users\Admin\AppData\Local\Temp\svchost.exe  (PID 2376)
          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken
          - Suspicious use of WriteProcessMemory
            C:\Program Files\Internet Explorer\iexplore.exe  (PID 1296)
              "C:\Program Files\Internet Explorer\iexplore.exe"
            C:\Program Files\Internet Explorer\iexplore.exe  (PID 1980)
              "C:\Program Files\Internet Explorer\iexplore.exe"
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  (PID 2628)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:734213 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  (PID 2580)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:406534 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  (PID 2052)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:537606 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  (PID 1992)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:209934 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  (PID 1676)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:1061892 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
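The process tree and the WriteProcessMemory signature together describe the chain worth alerting on: IE's tab process (PID 2100) executes a file named svchost.exe from the user's %TEMP%, while the genuine svchost.exe lives in C:\Windows\System32 and is started by services.exe, never by a browser. Each dropped copy then enables SeDebugPrivilege, launches two argument-less iexplore.exe instances and writes into their memory. The Python below is added example detection logic, not part of this report or of any sandbox product. It replays constructed process-creation, memory-write and privilege records typed in from the tree above (the Sysmon Event ID 1 and Event ID 10 field names are an assumption about the log source) and emits one alert per rule hit. The iexplore.exe -> IEXPLORE.EXE writes at the top of the tree are IE's normal frame/tab broker behaviour and are deliberately not flagged.

```python
import ntpath
from collections import Counter

# Directories the genuine svchost.exe runs from.  Anything else with that
# name is a masquerade (MITRE ATT&CK T1036.005).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
BROWSER_NAMES = {"iexplore.exe"}
TEMP_MARK = "\\appdata\\local\\temp\\"

IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

# Constructed records typed in from the process tree in this report (pid,
# parent pid, image).  Field names follow Sysmon Event ID 1; the parent of the
# top-level browser is not shown in the report and is set to 0.
PROCESS_EVENTS = [
    {"pid": 2020, "ppid": 0,    "image": IE64},
    {"pid": 2100, "ppid": 2020, "image": IE32},
    {"pid": 2736, "ppid": 2100, "image": DROPPED},
    {"pid": 2076, "ppid": 2736, "image": IE64},
    {"pid": 2656, "ppid": 2736, "image": IE64},
    {"pid": 2704, "ppid": 2100, "image": DROPPED},
    {"pid": 3032, "ppid": 2704, "image": IE64},
    {"pid": 2268, "ppid": 2704, "image": IE64},
    {"pid": 2856, "ppid": 2100, "image": DROPPED},
    {"pid": 2868, "ppid": 2856, "image": IE64},
    {"pid": 2004, "ppid": 2856, "image": IE64},
    {"pid": 2376, "ppid": 2100, "image": DROPPED},
    {"pid": 1296, "ppid": 2376, "image": IE64},
    {"pid": 1980, "ppid": 2376, "image": IE64},
    {"pid": 2628, "ppid": 2020, "image": IE32},
    {"pid": 2580, "ppid": 2020, "image": IE32},
    {"pid": 2052, "ppid": 2020, "image": IE32},
    {"pid": 1992, "ppid": 2020, "image": IE32},
    {"pid": 1676, "ppid": 2020, "image": IE32},
]

# (source pid, target pid) from the WriteProcessMemory signature, one entry per
# distinct pair (the report records each pair four times).  Sysmon Event ID 10
# with a write-capable GrantedAccess would be the equivalent telemetry.
MEMORY_WRITES = [
    (2020, 2100), (2100, 2736), (2736, 2076), (2736, 2656), (2020, 2628),
    (2020, 2580), (2100, 2704), (2704, 3032), (2704, 2268), (2100, 2856),
    (2100, 2376), (2856, 2868), (2856, 2004), (2020, 2052), (2376, 1296),
    (2376, 1980),
]

# (pid, privilege) from the AdjustPrivilegeToken signature.
PRIVILEGES = [(2736, "SeDebugPrivilege"), (2704, "SeDebugPrivilege"),
              (2856, "SeDebugPrivilege"), (2376, "SeDebugPrivilege")]


def _name(image):
    return ntpath.basename(image).lower()


def _in_system_dir(image):
    return ntpath.dirname(image).lower() in SYSTEM_DIRS


def detect(process_events, memory_writes, privileges):
    """Return (rule, subject pid, detail) tuples for every rule hit."""
    by_pid = {e["pid"]: e for e in process_events}
    alerts, masquerading = [], set()

    for e in process_events:
        if _name(e["image"]) == "svchost.exe" and not _in_system_dir(e["image"]):
            alerts.append(("masquerading_svchost", e["pid"], e["image"]))
            masquerading.add(e["pid"])
        parent = by_pid.get(e["ppid"])
        if parent and _name(parent["image"]) in BROWSER_NAMES \
                and TEMP_MARK in e["image"].lower():
            alerts.append(("browser_spawned_exe_from_temp", e["pid"], e["image"]))

    for src, dst in memory_writes:
        target = by_pid.get(dst)
        # Only a masquerading process writing into a browser it controls;
        # iexplore.exe writing into its own IEXPLORE.EXE tabs is normal.
        if src in masquerading and target and _name(target["image"]) in BROWSER_NAMES:
            alerts.append(("suspicious_write_into_browser", src, dst))

    for pid, priv in privileges:
        proc = by_pid.get(pid)
        if priv == "SeDebugPrivilege" and proc and not _in_system_dir(proc["image"]):
            alerts.append(("debug_privilege_outside_system_dir", pid, priv))

    return alerts


def summarize(alerts):
    """Hit count per rule, for a quick triage view."""
    return dict(Counter(rule for rule, _, _ in alerts))


if __name__ == "__main__":
    hits = detect(PROCESS_EVENTS, MEMORY_WRITES, PRIVILEGES)
    for hit in hits:
        print(*hit)
    print(summarize(hits))
```

On this tree the rules fire 4, 4, 8 and 4 times respectively and stay silent for a System32 svchost.exe that enables SeDebugPrivilege, which is the control case to keep when porting the logic to a SIEM: the path check, not the privilege alone, carries the signal.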
Network
MITRE ATT&CK Enterprise v15
Downloads
The 19 CryptnetUrlCache\MetaData entries share one path because the sandbox records every rewrite of that file. CryptnetUrlCache is CryptoAPI's (cryptnet.dll) cache of CRL, OCSP and AIA fetches made while validating certificates, so these writes are normal browser activity rather than sample artifacts. The last three files were captured without a path.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d46d39aa7308532f13fb757ac7d113dd
SHA1 44248696253e170b2796f637757103254596f43a
SHA256 50d0db9607df8ec5f23a34214a866f0a0b4633ccaa9d67b349f086687d046c91
SHA512 e2cce8c3297ea939764a11cc11d145f7a0c5a5fb3c289ca02bbf1dd112c7f4014241e3158050f123d50d31deaec67e300882a1e68a6baab0eecb00da4ad4cbc9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4ea3d299eed83c94f6757443e457119e
SHA1 504dd036335e387322873d0ed5babc2374c3bdf3
SHA256 b3bf57fa2752218deb9dd134c9e537eebf16cf26cac5cd1c154387429d026de0
SHA512 a27e9afd6714cc80f36ae13dd562eab24d3465bc0329b6ce10a5d02a2c51b8db66ea403bf3f523dd1da4d993663d81433515e6cccb6f2f77daa81afaf792cd2c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 50441c83ab0697d2fb37429e7a3a3380
SHA1 8f13debda71c54d28dcde12cd23773bcfe290e4f
SHA256 73f001b2296cc8fda869f1bf1e33a18c7de4c51ac77a76237ba15c0f1a82dd65
SHA512 fc2260b24e4821fad50898168040cbc90753a852ac639a21ca9c71052c9fdda002ba990a2c278bf8b7de45cd4af691cdc1e246d5b651699a38f2f9cf80ebda90
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 facd0181542077a8c55f7dd8c1b32146
SHA1 62ce23fc0e8b41acb141cdc8bfa90e5da4cd5092
SHA256 39f19eed7daed2e5cc7b37c559b1a37d09cb216cf2d7077ad08235d89a11d2e6
SHA512 577ee3eba3b9df7499553db0b36b9089ff6fe50e68176a1004e004fe7e46730facbf07da32b3edcce38c964affc715663f177a39a71d9c791fd4b0a470cc60b3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8729b2f9defa2a142c10cfe1b86002ac
SHA1 9e51b60ee955eb1a1d90f04484e1b6d06893d6a6
SHA256 88b033bd25badfa0cff3095b1548e0f3c7d896a4c0d4afec80b91bb034693a8e
SHA512 cd38a4caa6a64978d7f88273f1476788c5fde7050f503a1ace0d62a7e169c1fc98a9db4cadc1b35c589efd89df0c7385191a02e1a4f9fa8983822a1d2578c7e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c6052853c302fb0bf3a6d60e487134d1
SHA1 6fd0d0751e5530178843f6f1b55ab09a38990f51
SHA256 b8edbd71fbded41a238baeffc2507f32d67526bda94d4cbc553da7d5dc3a6049
SHA512 5df257460d17e299bba4753b1533b80b666b3ab6f4769858458bed9b196f6c8a92bf3592a8239d078b15ec1368fc582e6e3cf372a67bdb17e418fe6e2d808561
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 774da9711f91c0f7e4ebf935df51b910
SHA1 ed108fd26dc40e50916f5780647310f6b69f4f32
SHA256 e8505bef3f41770768c418c5e0d2078beafbe1d654239ba636f5c8d33aedd076
SHA512 0251dddc8c1baef6bdab2b8092f49b22dacb833c228b55f2dd4f0d0ac3555bcf64036f3bec1a614cdd1395b1ae56fabd6db19b9b4c63f918a1ad24fa20354e69
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cc1c3ffddce5243caef9f3fda1400d24
SHA1 a4486c4fb39444e95e6158141d0294a858a0e66c
SHA256 11f1a2d209e2e56f1a21f8c517f0bd61895d498ae957c7d72b5e788cc4f67fcf
SHA512 24572e08c8a87bbe9f45436b69cb6ccb8cb9294445a4b1050a741b08df10536b8d407b09e47cc4f04925fe01aa6bd1df964e2559a81375baf50f53536c9aef6a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 441ee8cfa408d876c0a36c7e49d314fc
SHA1 ab66817dee974dd0d368df88880962e176bea950
SHA256 210e46b0fe9abb039383ddc705e60396c24d9415e32e4dedeef1d1e3d7dca80e
SHA512 efa970217e259cd4c891854c32989098fc169d4bb92b30ee24a387c21970be874bf121c4451f71b4155978dbfa32ba807bf6071e2f0ba0054c3b867ba947cb25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 205f1b700ce7721cb80b71cd27117ee8
SHA1 16b0602d4de4a85172101e9fb2770450a5af8665
SHA256 7826192ed32fa23c2708124fb77a95c81f9f5b500275e0f07f61ca2ab8d5eafd
SHA512 8b22a6e4cd2be4e0a3bb16164484940d4834ce8005ca9ac55f1ab55b3efafa43f23c91924cf3f2f66d2d442eb594812f20c4adc6dc34ec1cdca3a35ad7c159b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 90a74579260a6579cc47a4a709f920d5
SHA1 ba5eb47d6c439926ace44fa547c61c4c23dbdd37
SHA256 14fb53dd0d217412096cf406bb506883faf9cc3ad8250f5146d1fca1b8570c73
SHA512 e6e08fe20d0b4aa3410da1c3b97303df7d6f1c34fd474a2842f4614c578a7924e0a1f0ba040c4af8945fbe1628c2d9297a621a10b28f38622c8b5ba4cae69014
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 36f3275b60ede025cd39810c25ff7a21
SHA1 261b47ca3b54a74a4c582ea04e71a315ae962d47
SHA256 e7f58580ba0524145aaecf9ee2605cba3232b5cf75728683aa24fa9e5d2995a3
SHA512 ffee17f9702bfe5804085c22e5e7821492bc67d2cfc0c8c41faf6e8160963c599e811ba967d6bee83409758d1dc9e3f7231057ef569caa14115f69da66379624
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 82edad352cd843138ceca88886d38fe3
SHA1 160f3d1ffbe1468cd346afc35ceb7800a013a85e
SHA256 dc81a0cf9175670baf6b88824eb9bb3e5248d961b8f74ea1b95fb83e2c5b50f4
SHA512 50d40a58da496d5d9aea89f99dea7f19047aaefe3cae2cca59bfeac32855de0ac42cc8eef71b17a33752e37858f3ae84e3d4f84d17ff08b9fcd0f612331c1168
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 124db45b12021e1cedeb647bfe506857
SHA1 f1ebe9da6fb4166986dce0a0cc62d547f5512739
SHA256 50bc9b154991d2320da479632e909e05a5d80e410a548d7cd84c1f1bee651a18
SHA512 cc62d9c33e6f673af116f93915e15cd1d54141e783a5835ae2b5b330f7263258aa407a934ff80b75a3976fb3fce56658f968544bf578a5689fd046b4982017c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 35a3c1e45c30cb60f107f9689aba5062
SHA1 8d457a0ce60abaf8e1a1eeff292439c75985892a
SHA256 55acd101dab82d32042c31162bef3abaa0f23e522b7424c8d79e9880068e488f
SHA512 5c529dfbecaaf52446ee4b286303d2ae5a295d0eab56da6019aa7c634ebb4dc3418da651331b20112468699d7d1719189ae32405922df86abc7095c2e879fce8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c8d3bedeba9400f4cca26c93f5186a5c
SHA1 94f732bdffea6aaae027efd9b128a39f6e3280fd
SHA256 0e7099310415c2d68607c298980835db4fb10953112180a7c01ebddca65fac1d
SHA512 c837279695537f2221d628f102fe1b2c70aceb59df4588795fffe5e88e5a6c957030c453e768305f6dc0f78065a76257e0f937504a80da348bccca22afbf2de9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1a7ccf0d1f138e1be8cd23faa33a858c
SHA1 fcdcffda2bca4d7e5ecd604f1b0d6b251addff69
SHA256 da94dfbda21a10d16a4f834dd04c13b062eff2d9508c09a0231181d533538bd4
SHA512 38e3a10ba1a496ab39ac12af216e635442437a225fcbad20b9550c61f57581bafe2b8c3bb3fd612a2f76b38398738cda3a63985e8558444d5d57e039d965a1a3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7e42270bb5b5e26f201a36d963ba7b62
SHA1 b04f21edf983583ef575701eff15b8f65132d2ba
SHA256 2cc9b5ee428287c1b37838108a4c7352596bcd0b404a0c56505da17d256b2d84
SHA512 08c8e14d6788b2fa1e0c4ac1f92c10089b692d4d08853cb39f0eaca55f2a9f5d426ec70affe5346093ba1d31a9f760ef52e1db318b03333cc8186a57dbbd0a61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d5110a760b11be0ea23461c923d89f7c
SHA1 a46d702d199e66d38bc2e06373019cc34f1e75d0
SHA256 459172fccbe9114393e0f16e89c9e6a594cb95f975cfc926ec7f8ec86191c7cd
SHA512 96107638dd09add3d4a939fd17e086dc7fff559936bc54032a06a2e8c06269179ea88483bb70f481618b50c2a7cd44e288bd678a39cd53deeeecd5872bc2cf50
-
Filesize 67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize 160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b
-
Filesize 105KB
MD5 dfb5daabb95dcfad1a5faf9ab1437076
SHA1 4a199569a9b52911bee7fb19ab80570cc5ff9ed1
SHA256 54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0
SHA512 5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8