Analysis Overview
| SHA256 | d7b66abbcb763ebf671424b3cc51b063bdf61ebe3621bf33e7f3fec16052a666 |
| Threat Level | Shows suspicious behavior |
The file 116342b15a88fe6a8f1c984a05472945_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Checks computer location settings
VMProtect packed file
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-06-26 08:39 |
Signatures
VMProtect packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-06-26 08:39 |
| Reported | 2024-06-26 08:41 |
| Platform | win7-20240221-en |
| Max time kernel | 144s |
| Max time network | 134s |
| Command Line | |
Signatures
VMProtect packed file
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000876c767eb25b564fab14980298776c0c00000000020000000000106600000001000020000000538a4824031fc101aadb5fae6dbb1480a0f295cfb8312dc9cebf056e36bf060e000000000e80000000020000200000003d599f8abcc52fe10dc5cf973d13b53dec4e77e5dc996e84278e293354ed515420000000ebe65ae65c67753e7c76b30b64b67dabb8ccf12db444714dcbfba7f2efae0cb340000000c2b2d16c81618e43691338400ad43e2697cc9c645d1fd4b0ff4f5c306983efd21aef0aafafb1555119ef5d108dc4cabd737a337d7781db011d210e998ee04e44 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{90E2FD01-3397-11EF-A5A1-E299A69EE862} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0703068a4c7da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000876c767eb25b564fab14980298776c0c00000000020000000000106600000001000020000000f6041a8ad9e88ba76b9c61d9979cfb0f60ce80d6956a818f6eb0c9a6c87a46bf000000000e80000000020000200000006f837303c30853ad374f238e23c389bb1e143c3eff1d710f924b60ac536a11bf900000004d558f03ecd0dfdc92bdc382315dff96d293e9c392a9ce924049653d0b558292544263697fd51c49f602ed265a30646ddfbbde4f98d5a3112c0047f6452cbd0565f824bffdb197da87f2b318cf288add1b9b9b84982926b5fd2ff0d890efb4bebb9069072a95eebf24f6d452d2fee8ef9a8741658d7499803683082bb67d287b07486c12564483ed48590bfc4e80b2ec400000007b8ee70fa89467e418e4d3cd5c56d88b5cf4ffbce3acb1c0ae851046f172f1b19b335ef154834783ecada4ba7d1bdd0994b9d0abb1841471c1dc706887ec06b5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425553021" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" www.dnfann.com
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-06-26 08:39 |
| Reported | 2024-06-26 08:41 |
| Platform | win10v2004-20240611-en |
| Max time kernel | 133s |
| Max time network | 144s |
| Command Line | |
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe | N/A |
VMProtect packed file
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1732216778" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3029a167a4c7da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31115172" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000097a1eb2157cf4047a4f2ea4b9291f323000000000200000000001066000000010000200000009af786e484b24dd5838cd8d99a42a1145e87605078c9b288f53c8ea6c8201e67000000000e80000000020000200000000fae95645764b4e9e426af9d966a0a3712616633bcad31f2ae2287175290a561200000009e7c4e608591890f5f5d58895b645eedb23bb0bd71c1a889060347a9d11807164000000036a5f960952a3a6db9193c5434d2401497478e6d0e4199bcf0fa6ec268885ce339d80faac2bc88453a3fca5f75e1bf6fa1ff47aa29713138fa733e2e5f9ffc37 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000097a1eb2157cf4047a4f2ea4b9291f3230000000002000000000010660000000100002000000007c8110462c990d7fd0256fd3a77a6a176186b209f153794e162e3be6436aadd000000000e80000000020000200000009582dc2ba4b01f9c44ef05f00b74a790bb9f8f75e7472164bcf875d6e1a2483f200000002b7fbba682e4cf73c9930fd488890c4e05b2c129e04fb435f5f4eed3179bbfda40000000cbe285a9ed6ce81101f91eb814a7425bb84bd99a36f3a1d705ec6aa497653e5d93a64c0ceb2ac075b0c7188565829b2af9295adba90707e3e17b13e02052f75f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1732997861" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31115172" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40df9e67a4c7da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426156131" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{92CC72AD-3397-11EF-86EC-663BBECB1CCD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1732216778" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1732997861" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31115172" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31115172" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1664 wrote to memory of 2916 | N/A | C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe | C:\Program Files\Internet Explorer\iexplore.exe |
| PID 2916 wrote to memory of 1820 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" www.dnfann.com
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:17410 /prefetch:2
Network
Files
memory/1664-1-0x0000000000613000-0x0000000000614000-memory.dmp
memory/1664-0-0x0000000000400000-0x00000000006E1000-memory.dmp
memory/1664-2-0x0000000000400000-0x00000000006E1000-memory.dmp
memory/1664-86-0x0000000000400000-0x00000000006E1000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verB0E1.tmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUGBEKKF\suggestions[1].en-US