Analysis Overview
SHA256
d3312b99d1dfbe22a25eca16d000350fddf0da8e7deabab791fa503f76d4bfb9
Threat Level: Shows suspicious behavior
The file 04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
ASPack v2.12-2.42
Unsigned PE
Enumerates physical storage devices
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-23 01:41
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-23 01:41
Reported
2024-06-23 01:43
Platform
win7-20240611-en
Max time kernel
148s
Max time network
122s
Command Line
Signatures
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\GreenBrowser.exe = "0" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\GreenBrowser | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\GreenBrowser\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.shtm\ = "htmlfile" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.html\ = "htmlfile" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shell | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\GreenBrowser | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\GreenBrowser\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\open\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\ = "GreenBrowser" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\open\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shell\open | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\ = "GreenBrowser" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\ = "htmlfile" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\open | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\GreenBrowser\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\ = "htmlfile" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\ = "GreenBrowser" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\GreenBrowser | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shell\GreenBrowser | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\ = "GreenBrowser" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\ = "GreenBrowser" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\open\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\GreenBrowser | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\open | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\GreenBrowser\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\GreenBrowser | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\GreenBrowser\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\open | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\open | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.shtm\Content Type = "text/html" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\Content Type = "text/html" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
Processes
C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.5igb.com | udp |
| HK | 154.85.61.64:80 | www.5igb.com | tcp |
| HK | 154.85.61.64:80 | www.5igb.com | tcp |
| US | 8.8.8.8:53 | check.5igb.com | udp |
| HK | 154.85.61.64:80 | check.5igb.com | tcp |
Files
memory/920-0-0x0000000000400000-0x000000000054E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini
| MD5 | 9fff23ec9ae1a8d6f4ec173e8f8af4c0 |
| SHA1 | 7792598607845d98c5952507a9cf4d3026544183 |
| SHA256 | e58516e06aa2d4435df290550ac6d93a62f7c72b48e6f0bd7413fd8766d914ab |
| SHA512 | 978c772ca1ea550dd518227494e6571c0d3747a5c628ef091d5b41ac8a2403b82ede1377d649d5acb046146cee1bd30a621b0064612180799ddecf7196e60d0e |
C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini
| MD5 | df9726ea557850cf1b7bb378a3923b99 |
| SHA1 | a314b554d5973249591f028a48d3bfb3b49eee4d |
| SHA256 | 4ce5132133b17adee5d4f1c88430d2b9b6a1372cd3e66bb2011ecf7d5c74bc7e |
| SHA512 | 966595440643c739295c42d3d5585b02d8a9ad7f9c0322c0ee6754af1dfb7d70657337e0ce2938f991bb552a472a65b9838b4dc6fc03c750142d1f723006a0f9 |
C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini
| MD5 | 99b6802de6261b6498d8a6fa9c36831e |
| SHA1 | 588c46a2892dff9e98b266757e2d69ef1a1ec51f |
| SHA256 | ba9f5d1ede0c880903210151460a7d35c091cdc26f2be95d49133e64c909b76d |
| SHA512 | 05c51d48241950447c90b5c1756fab87956916303f5df9d9ce5a37be8f624f028d7899c25c0bd655d8fa9fce44a6a4d61a1ad4d6e4fdf5df781d3066b15e4066 |
C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini
| MD5 | bf2d5fd6e174e0b5dac7a69ccca8b1ab |
| SHA1 | 3ea5e6209932039641ac88f14618667849336436 |
| SHA256 | dfffbd3e5e462a03c9d76d20a4a5a01004f04aa65a4efa5071e37aaa2aec574f |
| SHA512 | e8becc4c647675b8e784dc57abc1cc55e752103d9caa8affd2a5c4058efaacc7840aa9a4be0e86d2c36ca9a30f595d516ff09028c6acea2c8ece723deafbd895 |
C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini
| MD5 | 7ac48a92846857e59b105d4a2ab0d076 |
| SHA1 | ed137749090aa8f376d178881534eda9bd4099e4 |
| SHA256 | 907d702c75932b49b4a1f1e1254dfbb19647732cc3f0bc199523acaf492e2ee7 |
| SHA512 | 61e07797f03f6efcc7462befd9923ec11fcd7e33a27a2ef7812334674ad265a6d6b2f819e6c6cdc2da2709c4b58e5373c9c10f8a2ecaf9d922e841da06c3dd8c |
memory/920-394-0x0000000000400000-0x000000000054E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini
| MD5 | f7e652c7d5a328e56d25c37f075b9590 |
| SHA1 | 078d16b574fe4478f291a88e1377e270074568dd |
| SHA256 | 58ef07ae4a636f151ffcb54d00715efb996238f151f77e0efe4f0a92bf0d4ef4 |
| SHA512 | 32358274f965fe4962d93ff8f985e839e1461b97b6f4a9f891410daa76b13e342276d621f4600e8f00c7db2cad1930e1519b45939a7b152eeb7e62293c653832 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-23 01:41
Reported
2024-06-23 01:43
Platform
win10v2004-20240508-en
Max time kernel
141s
Max time network
54s
Command Line
Signatures
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\GreenBrowser.exe = "0" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\GreenBrowser | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\open | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\ = "htmlfile" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\.html\ = "htmlfile" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\GreenBrowser | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\GreenBrowser | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\open | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\ = "GreenBrowser" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\open\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shell | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\GreenBrowser\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\GreenBrowser\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shell\open | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\ = "GreenBrowser" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shell\GreenBrowser | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\ = "GreenBrowser" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\open | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\open | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\ = "GreenBrowser" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\open\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.shtm\ = "htmlfile" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\.htm\ = "htmlfile" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\ = "GreenBrowser" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\GreenBrowser\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\GreenBrowser\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\open\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\GreenBrowser | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\GreenBrowser | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\GreenBrowser\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.shtm\Content Type = "text/html" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\https\shell\GreenBrowser\command | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ftp\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\Content Type = "text/html" | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
Processes
C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\04c5c992c657ec64cccfa6fbd6c372fe_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.5igb.com | udp |
| US | 8.8.8.8:53 | check.5igb.com | udp |
| US | 8.8.8.8:53 | www.5igb.com | udp |
Files
memory/4432-0-0x0000000000400000-0x000000000054E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini
| MD5 | 9fff23ec9ae1a8d6f4ec173e8f8af4c0 |
| SHA1 | 7792598607845d98c5952507a9cf4d3026544183 |
| SHA256 | e58516e06aa2d4435df290550ac6d93a62f7c72b48e6f0bd7413fd8766d914ab |
| SHA512 | 978c772ca1ea550dd518227494e6571c0d3747a5c628ef091d5b41ac8a2403b82ede1377d649d5acb046146cee1bd30a621b0064612180799ddecf7196e60d0e |
C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini
| MD5 | df9726ea557850cf1b7bb378a3923b99 |
| SHA1 | a314b554d5973249591f028a48d3bfb3b49eee4d |
| SHA256 | 4ce5132133b17adee5d4f1c88430d2b9b6a1372cd3e66bb2011ecf7d5c74bc7e |
| SHA512 | 966595440643c739295c42d3d5585b02d8a9ad7f9c0322c0ee6754af1dfb7d70657337e0ce2938f991bb552a472a65b9838b4dc6fc03c750142d1f723006a0f9 |
C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini
| MD5 | 99b6802de6261b6498d8a6fa9c36831e |
| SHA1 | 588c46a2892dff9e98b266757e2d69ef1a1ec51f |
| SHA256 | ba9f5d1ede0c880903210151460a7d35c091cdc26f2be95d49133e64c909b76d |
| SHA512 | 05c51d48241950447c90b5c1756fab87956916303f5df9d9ce5a37be8f624f028d7899c25c0bd655d8fa9fce44a6a4d61a1ad4d6e4fdf5df781d3066b15e4066 |
C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini
| MD5 | bf2d5fd6e174e0b5dac7a69ccca8b1ab |
| SHA1 | 3ea5e6209932039641ac88f14618667849336436 |
| SHA256 | dfffbd3e5e462a03c9d76d20a4a5a01004f04aa65a4efa5071e37aaa2aec574f |
| SHA512 | e8becc4c647675b8e784dc57abc1cc55e752103d9caa8affd2a5c4058efaacc7840aa9a4be0e86d2c36ca9a30f595d516ff09028c6acea2c8ece723deafbd895 |
memory/4432-374-0x0000000000400000-0x000000000054E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\User\GreenBrowser.ini
| MD5 | f7e652c7d5a328e56d25c37f075b9590 |
| SHA1 | 078d16b574fe4478f291a88e1377e270074568dd |
| SHA256 | 58ef07ae4a636f151ffcb54d00715efb996238f151f77e0efe4f0a92bf0d4ef4 |
| SHA512 | 32358274f965fe4962d93ff8f985e839e1461b97b6f4a9f891410daa76b13e342276d621f4600e8f00c7db2cad1930e1519b45939a7b152eeb7e62293c653832 |
memory/4432-395-0x0000000000400000-0x000000000054E000-memory.dmp
memory/4432-396-0x0000000000400000-0x000000000054E000-memory.dmp
memory/4432-397-0x0000000000400000-0x000000000054E000-memory.dmp