Malware Analysis Report

2025-01-22 12:44

Sample ID 240623-b38h8aycnk
Target 04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118
SHA256 d3312b99d1dfbe22a25eca16d000350fddf0da8e7deabab791fa503f76d4bfb9
Tags aspackv2
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256 d3312b99d1dfbe22a25eca16d000350fddf0da8e7deabab791fa503f76d4bfb9

Threat Level: Shows suspicious behavior

The file 04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

aspackv2

ASPack v2.12-2.42

Unsigned PE

Enumerates physical storage devices

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-23 01:41

Signatures

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-23 01:41

Reported

2024-06-23 01:43

Platform

win7-20240611-en

Max time kernel

148s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe"

Signatures

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\GreenBrowser.exe = "0" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\GreenBrowser C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\GreenBrowser\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.shtm\ = "htmlfile" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.html\ = "htmlfile" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shell C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\GreenBrowser C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\GreenBrowser\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\open\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\ = "GreenBrowser" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\open\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shell\open C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\ = "GreenBrowser" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\ = "htmlfile" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\open C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\GreenBrowser\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\ = "htmlfile" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\ = "GreenBrowser" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\GreenBrowser C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shell\GreenBrowser C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\ = "GreenBrowser" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\ = "GreenBrowser" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\open\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\GreenBrowser C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\open C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\GreenBrowser\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\GreenBrowser C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\GreenBrowser\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\open C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\open C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.shtm\Content Type = "text/html" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\Content Type = "text/html" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.5igb.com udp
HK 154.85.61.64:80 www.5igb.com tcp
HK 154.85.61.64:80 www.5igb.com tcp
US 8.8.8.8:53 check.5igb.com udp
HK 154.85.61.64:80 check.5igb.com tcp

Files

memory/920-0-0x0000000000400000-0x000000000054E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini

C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini

C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini

C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini

C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini

memory/920-394-0x0000000000400000-0x000000000054E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini

memory/920-404-0x0000000000400000-0x000000000054E000-memory.dmp

memory/920-405-0x0000000000400000-0x000000000054E000-memory.dmp

memory/920-410-0x0000000000400000-0x000000000054E000-memory.dmp

memory/920-411-0x0000000000400000-0x000000000054E000-memory.dmp

memory/920-412-0x0000000000400000-0x000000000054E000-memory.dmp

memory/920-414-0x0000000000400000-0x000000000054E000-memory.dmp

memory/920-415-0x0000000000400000-0x000000000054E000-memory.dmp

memory/920-416-0x0000000000400000-0x000000000054E000-memory.dmp

memory/920-417-0x0000000000400000-0x000000000054E000-memory.dmp

memory/920-418-0x0000000000400000-0x000000000054E000-memory.dmp

memory/920-419-0x0000000000400000-0x000000000054E000-memory.dmp

memory/920-420-0x0000000000400000-0x000000000054E000-memory.dmp

memory/920-421-0x0000000000400000-0x000000000054E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-23 01:41

Reported

2024-06-23 01:43

Platform

win10v2004-20240508-en

Max time kernel

141s

Max time network

54s

Command Line

"C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe"

Signatures

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\GreenBrowser.exe = "0" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\GreenBrowser C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\open C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\ = "htmlfile" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\.html\ = "htmlfile" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\GreenBrowser C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\GreenBrowser C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\open C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\ = "GreenBrowser" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\open\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shell C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\GreenBrowser\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\GreenBrowser\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shell\open C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\ = "GreenBrowser" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shell\GreenBrowser C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\ = "GreenBrowser" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\open C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\open C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\ = "GreenBrowser" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\open\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.shtm\ = "htmlfile" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\.htm\ = "htmlfile" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\ = "GreenBrowser" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\GreenBrowser\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\open\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\GreenBrowser C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\GreenBrowser C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\GreenBrowser\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.shtm\Content Type = "text/html" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\GreenBrowser\command C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\Content Type = "text/html" C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.5igb.com udp
US 8.8.8.8:53 check.5igb.com udp
US 8.8.8.8:53 www.5igb.com udp

Files

memory/4432-0-0x0000000000400000-0x000000000054E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini

C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini

C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini

C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini

memory/4432-374-0x0000000000400000-0x000000000054E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini

memory/4432-395-0x0000000000400000-0x000000000054E000-memory.dmp

memory/4432-396-0x0000000000400000-0x000000000054E000-memory.dmp

memory/4432-397-0x0000000000400000-0x000000000054E000-memory.dmp