Malware Analysis Report

2025-01-22 13:01

Sample ID 240626-kkc42awbmf
Target 116342b15a88fe6a8f1c984a05472945_JaffaCakes118
SHA256 d7b66abbcb763ebf671424b3cc51b063bdf61ebe3621bf33e7f3fec16052a666
Tags
vmprotect
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

d7b66abbcb763ebf671424b3cc51b063bdf61ebe3621bf33e7f3fec16052a666

Threat Level: Shows suspicious behavior

The file 116342b15a88fe6a8f1c984a05472945_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

vmprotect

Checks computer location settings

VMProtect packed file

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-26 08:39

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 08:39

Reported

2024-06-26 08:41

Platform

win7-20240221-en

Max time kernel

144s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe"

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000876c767eb25b564fab14980298776c0c00000000020000000000106600000001000020000000538a4824031fc101aadb5fae6dbb1480a0f295cfb8312dc9cebf056e36bf060e000000000e80000000020000200000003d599f8abcc52fe10dc5cf973d13b53dec4e77e5dc996e84278e293354ed515420000000ebe65ae65c67753e7c76b30b64b67dabb8ccf12db444714dcbfba7f2efae0cb340000000c2b2d16c81618e43691338400ad43e2697cc9c645d1fd4b0ff4f5c306983efd21aef0aafafb1555119ef5d108dc4cabd737a337d7781db011d210e998ee04e44 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{90E2FD01-3397-11EF-A5A1-E299A69EE862} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0703068a4c7da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425553021" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" www.dnfann.com

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.dnfann.com udp
US 8.8.8.8:53 www.uxdoo.com udp
US 52.86.6.113:80 www.uxdoo.com tcp
US 52.86.6.113:80 www.uxdoo.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 172.67.70.191:443 www.hugedomains.com tcp
US 172.67.70.191:443 www.hugedomains.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 static.hugedomains.com udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
GB 142.250.187.196:443 www.google.com tcp
US 172.67.70.191:443 static.hugedomains.com tcp
US 172.67.70.191:443 static.hugedomains.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.200.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.200.3:80 o.pki.goog tcp
GB 142.250.200.3:80 o.pki.goog tcp
GB 142.250.200.3:80 o.pki.goog tcp
GB 142.250.200.3:80 o.pki.goog tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 use.typekit.net udp
NL 2.18.121.142:443 use.typekit.net tcp
NL 2.18.121.142:443 use.typekit.net tcp
NL 2.18.121.142:443 use.typekit.net tcp
US 8.8.8.8:53 p.typekit.net udp
NL 2.18.121.132:443 p.typekit.net tcp
NL 2.18.121.132:443 p.typekit.net tcp
US 8.8.8.8:53 www.microsoft.com udp
NL 2.18.121.132:443 p.typekit.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/2112-0-0x0000000000400000-0x00000000006E1000-memory.dmp

memory/2112-1-0x0000000000400000-0x00000000006E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab387F.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3962.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a37db943cb4d92088f106e817b5df4f5
SHA1 529acb7967ec8d5603a0e7388350e6c69617b3af
SHA256 d488fb3b0ce4209e33d6296c5c08810551d015cbad777529fd6eece6678cf86d
SHA512 8febe636800aab5e675c3e846b5b873bd1bee28a6be130916f21aef0537fe962adcf96e629af990df0ed0915fb7340f8e4b57910a783a282723bb7eed4d29b61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e963846028dd57fc7413fff1011372f
SHA1 9b779f38a8ed7011f45135599c59450534b23670
SHA256 17d3d15263ec184ff40e670c7293f96da1270f98d7394ab4edb1c06a62625917
SHA512 cb6afabd409d626c7f0ea5fcfa4dac0ed4f32c28af252a099641f7e281d45dcb382cf07cb5497acb80565984b0babd74e06c14accb42c7298a9a4e80c61492c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03528e1910aad1e0a1f744abba1df55d
SHA1 1d4d8cea08c1c167eba75e97ecc9585a4d27af5b
SHA256 7d5d7a075c6db1670dd3662fe47359ffaf59fc89cb299fe375c1be7517d169c7
SHA512 90b57c5670796cbb80699693df227556427e581186c28ed8415abf92e9d89dc1a8236c94a896302b77f7ad5a27cd9f1fc957ae02eb2babaa42372311229626c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74fb7d8e16328b779e33d77cf4fd0c9a
SHA1 2255e4ddbe56edffd9d34ca2ffde20393baee130
SHA256 7f87deea3c930622e5f6a8217944c594c6e95f27b7742513fab2614d94391fb4
SHA512 16f644028d09e0c88f281bb3786acbc4b206c2f796fbf2eb7e482b00eb20e821986994735176e2f6c312e00f064121ad66fbb68e55cac7830276f4d3ffae1853

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 091410f65a423b37a6bfc7e6adb15f3e
SHA1 9a2ce27b4360f2553415627ea4fd76f6f51f7198
SHA256 eca0383e882881b4dd3954891f2298e410ebe4cca4b814fb7b9b4d15e0952008
SHA512 1f7bd0ac5535db44808a0639b599bb4a28a99c8c1f56c94b43724ce43d344363f882d0ea569f92891a6642f7f0988744b8a8e6d1c241619d1f2f566673d9b426

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91532cd16493599c054742be819a7fc1
SHA1 2cc24cef15a6d7a59ade16b6203b6d70b864456f
SHA256 2585887eb6a20f36fd897e22f95124b43fc1b7b01b941dd595e83ec734bf964c
SHA512 80dd52030f5b685741ce6cbb011f874844eda6dbc419083efeed95de1e74f59225b3fd26098c6ad13e67fed8c423849c2fb468fde85302a167fe601977c67fae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 388c55aae20d26176af80ad3010d938d
SHA1 dff63c7debdc3d0cbb5da7f70ae2995e51da9ac2
SHA256 c4ed5bebb657bc771762525eff44a9af2cc3b46d334641c2423a6a30de0ebf41
SHA512 93ed288cca30a8faaff2912e74e74915df7b289714e6d7c37da94fab54e16057e4762eaee4088bdeb14cc171c71caff664c08e93c62d13e52d19bd01f73d5736

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d80a7a6744a470b349df18b3f74cfec5
SHA1 a3881eba2d5b536b7a2a9bf13de8bafd6df058d6
SHA256 45ae48f9fd3b3907d5255a1bae4f160468b3011f3f0f112eb3634ef1a369b65c
SHA512 bc30dbaeefb6ea98aff782bc4dc6d39ef84d14763318102fa6cd7da9e422ee2f76a0a8daf89b19ed1f2ff9396068bba988e4c1c0892e752a5246a01635ccc523

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d717744527c16dcf18f7918ccc883a23
SHA1 e2d4eae104732dc3f07c526e41625fda9aa29695
SHA256 edf5303be0b5e1cf226549d5130e26c9f8ff3f98c674cb89e0b72c513ade8e19
SHA512 085357f33b81b05ffc1b38ded5274eb51dcb2bd486c4b64ac6c9455d435f964f00f7b662a40f7fcd17e0d93c4c45c7282f828a9998ff098af8050c207c158972

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 dcd335a74590e8b0c294f20dd98b3ce6
SHA1 35da179867f88d67c56423ddbd05d948f248c6b3
SHA256 2b8af8a4ff3057e4f3bb1c2554663da28fb382d78752406e101a6f618a63095e
SHA512 4e693542268dfa8adca094c8b2976711a3fa3f2f2c34948b1594436b92eb660622d23b16f56e2ddb0b9c6b9078e2f478dc9564af14dfe803f5562500089f7833

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbb83e1da0452dff6ec6c2261d87f19a
SHA1 1fab89cad7e5076c44feffdb400cb7a5dbed571d
SHA256 9bcf28469d002d15af1713539180473f72e0bab4639f016c4cd052a6db4e0236
SHA512 f03e92cf017bb250277d536f61168e93bc4deba684ad90a9741acb66630a83c3f8835dd4d925b8fc0e68222512b975a2dd0de0042c187a416d040742205d9109

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e8b0ec1a3d39dc558cb2da2f25c8045
SHA1 c25efd67528899e2d62abf4db226d25e66dc7e9c
SHA256 a6b280524346c70f64d9312e5edcd4e0983ea0e9078ee9c84f67b53f5d9f03cc
SHA512 22d51c0fcfc213720fda6777c5f71d903cc55d563e5a8550136acf52498625c6dffcd1752d4ecac8d333ce842beb98733992b8cedfcdbbf6602fd01b07be835c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6daa94e9c5be6cb7b80d77739ae42b7
SHA1 5148856c3a249ace1d32739dfe77a74a958485dc
SHA256 ec66886410ee56e3e5cf7cd74dacb0275c05c278847e9a2a6425666b442d91e7
SHA512 a7016cfa40709f504239da6e1afc3f5b2d9dca68ba89214fb507ab09879a9a6eb1d0364163af49b1bcb8468f285fd53e66cdce02df7dba2486aef7303fff3729

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6c3dbcb6ef383150a53d299a88ce8f2
SHA1 1a60fdb3ab287d58486b0d872d9ca393fb99a146
SHA256 fa0aa1cbd0e0aef1f0a30489ce40cf8014c684b1d1e577d0cd0770a15a407840
SHA512 aaefbfdd7f4745c102ddc4f3dcc2aa90f788eac9ece535b2e117250470e35d16064fea20385bc74e2cd30258384de8dd4506829a7eb201b5e2704f62c2b8cf08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 277c86e779cbd799cdadf6b248f02e1e
SHA1 823d859e164dce667b6f47a2001a0c44b570c126
SHA256 7d9410e927c5b284b247d9c88e40df0b97397b675a04eb6cb9bc68432934d393
SHA512 6fdf1fe218f18c7d06c46b70727519d5cc26e34dfefb814db30cad325a27c7524e9b3af4c924374e73a0ad7a4f8cf5d505c91667b40a2cce266a0dab40831013

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a0632ce835bc53cc3e27a4dd2565174
SHA1 dcf6f2ebfe11d4539b5aa2e74f876a31fa0b8ad4
SHA256 33f3e0e7fedb8b59ac6f459a02656bdf89e85994c4c36d15c42832876c56eac4
SHA512 d03ff9f6fb8b1879d5ebae789a34e45ec028304187c2bea3bf31e5ee63ff7b05955e8bde9c2f238d77f3dba0c40351030da2587efdd8d197692817ca94c32b8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc3384962fbbff4437f4e07c2ca0fd7d
SHA1 0d5ef9a1d45f9b85a99dd2626f9bb21d4e14026a
SHA256 5cc9dae9872cffa8a4bdf068cf62434ae557223782c5d99b5c045d237bafa22f
SHA512 bac1324d467d723dedb13a3bb1e95cc4f488465418d4120c65185371c7d2a50541a2b3cfc42550ad3d999fc3a5dc6c62928765fa713994085e87ed683ded8b3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 f167187e0194e3f6f96320460b9da336
SHA1 141a7c45c5b657ed74fe83ca2440dd2033cb30e7
SHA256 0fb0b3abec717166cc8e013c8ed3353b3e20244597d8db4f684b9e85665ea89e
SHA512 70363152904b1f5a741614494c8838a123f455f1b4dd461c5fd91f409842764dae5e4ce5fc70d53ff1d5d7126cd67eb7cdb4347a2e0cb4273aead8ef4ab833c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e50621656e74efd1a1d92a10e7d4d97f
SHA1 1aab917ad85216703d3d5cbc0b41a3a5a055acb9
SHA256 aacb311a4f18357d870b37c2cebd9b2d5c6b0b8ba588f2e7360b184400302a61
SHA512 f05b056c680a486daf92adee4aec94f2b0be3e460332c52ea7658ca12e048f0ece92c6df82a8ba20bc80aa7c0984bb651ad59e3a90d3289bd9a6488d86bd5f7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e89725e8bb7c67308a33aa8cc242c171
SHA1 8791a5b4d1ce31367c305e443ccdf82c94d28865
SHA256 aaf02b6a26f2ab41f5542d5fa5e9f4413503403b015a87e4d0e04fabb134fea6
SHA512 98dfbf8505ac955f1d17a6da0df38eb9cd993307de5f90109c62b9c25ca006621aa47135419ca587b01691d436f295c2c509bfd2653b122f92bf327b66186d19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b82262fb04dc6815005b100a00621b1a
SHA1 bfc96239f8e259bf6e3f4bd46c7cbdf84387100b
SHA256 c6f57f17647ea83346c5e143ec88354d4b1259f0475813ae1edbed8d64915c23
SHA512 616659d8166e2d763d2d691fbfed5a624b01abc36b863109e0fc7d6cc9011e9b2b4cd96036d310aeb67b92ee713b5d2abd972cdb6f54df1dd125981bde1d9155

memory/2112-1008-0x0000000000400000-0x00000000006E1000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 f58c4c5ca72c6cacda0e6cb49cb12bf1
SHA1 6bfdfa854b98b860ebf0be36510546f41bd2b3dd
SHA256 3f390cdf59da434c743411a20d9196a80a86653c9068d201fb54477ceb155575
SHA512 07364e741180b8825dab6e2460115eedbc825494c6260bd48eb606ddabc33771dbcaf1c554ac259be2416607448b57923eb4adc56086b903e59073e361e38791

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00f26e62c96cc53e7395fe2b62895cb6
SHA1 7610043dd659f3eea2e90ed6806d435fec30eeaa
SHA256 42817f901fc42f0d5e4685df2eb44fe5cba1093e1df9f6df12d247732adfd739
SHA512 e1df99568a0e734846ef14da9caabfe9c344e50bffecb1ea688235ca96fc72ceb971cf67164044c2b7dd2cf940ffafdcd74ccbaee35adf108249ac740bd1a1ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 844c497ec03e7e34699dab6f03095a40
SHA1 3fbb358462199d36439df8ff0c7e6f86d55c0be1
SHA256 871bbbb021dcc51dfcb8c5de7211ff76c2508bd627fcbc9f0cdfce40f4f24ee9
SHA512 452b513a24419a0ebdac756206c73a5a0d55a0635ed66794d1a473ec46c8bc19f13c86b4f74d0d77ea7cee0a496d82ff3e124b22f0e041d1f2ed8dd0bf796b82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08223f9bed8218a8d7fbbaea3f11a9b9
SHA1 1734f30ed3618c9f8a1dac20783ff8fa66e1914a
SHA256 042a1ccb0dfb501cd6017c1a57d7a345dfc81e7a0ffc46e5636c5193410778bf
SHA512 1e188b1a8ea37e08536e26e0e8857a24dff6662eb035c92b17c776459bf2073ea3873ca68b5792f7d3dcaa042026a953fdf61acfe21399c1ea393e044aad36a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 619f11960d8b1ffaca65d37c541415cb
SHA1 5781695d3461625fd629999d959c528a156b5a79
SHA256 0cdb6efcb8b81ad665fc23afeaaa2b829106e414cb0bc5650a40a21054cbac0f
SHA512 a412ecffb50a924abcf762096ecb74cc6b7ac320a340dd2fa93c263d2f4bb9c9e23073a5743105c78a2cf11d05298160ad08f10b65fc0aa2882abe82372b9c74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ebdc908e0b79d4e0344dff3b61cb8604
SHA1 78f4f676dc425aa4fc5ba371837ac5d7fc97627d
SHA256 7da9e9cd3885082074fd203ea6d965021ad1213a448362b0fe5b79235174a02f
SHA512 1c1aacecf5a356dadf68c98b422e6f824e88836da109002f935de6b3abde82e0a175784d88e5c2e981fe41cd3c3c9fde4097788bf91e68ec784e98a3397eb9a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ed0a81b2d5ea6c1e8389bddd6175fc5
SHA1 db53002dfd80dad390ba9ec300e99581a8972fd2
SHA256 9de56ee1cdeed29d28ce90f16e6d62b78ac5169167b9a240f204128c1c5b897e
SHA512 0f4aa0ca030a4b8cc7c1b43ac1dbddfe1543eaa6f04b71050badbe5830b98cdfe6b2ca6e20d00d6127d13e28731fdad3781d5bf5f3e6c6a1f00d82b1cc9e1514

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 53b4561e7ff162aea59967b1144a828b
SHA1 fa422cd068d4dc7b04e1f6d391d323f7a4a76cfc
SHA256 d565589eea69f986240b42a3adca16e6b00a74d5e863aa8bb533b5409308bdc2
SHA512 d74508fd277e844a425e1bf96edf968f90ca3afdc3bb04a58d494f6c70299b55141a9a380ce163a97193431d5a5d940cf4343ded941da37112d4d25744586556

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e23457203f3095ab7b3dff6b33caf8c6
SHA1 9a64ecf5d4d0e6bfbf455fcc5d0ef6a5183b0916
SHA256 e2ddad822068e651d9fc6eba1eec02013576a6e6e34765d555e9150e610aab2b
SHA512 6481a8aa4b559ae3a1a4af78ac3bb66565035f099fda3f63465c01de24866239fa6c207e882a0ef29087ffed6f4b8c196eafdccf92ebf30c3161456850cbcb77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40fd5535b6951631e21da8b4efeaf4b0
SHA1 1d2eae6ca30378c3485f4d87dc37110a451b2ce5
SHA256 fb6d464aaf2899cc33ea915cbb9c8ea65c246e7dd4178e19fb74b73af11767dc
SHA512 1da558f052775913035b8528dd3c72452b510a085fe55d20cff2e4723a1df475649d6ccceebf0a0567e8e8db95ebdf13711c34e2d41f04a541a3c75f5831190a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e164b265d99492b4212117df21591d62
SHA1 bd38c2703e72cd1c04a46aafa249c73e74d30728
SHA256 c1c8ca508a74cad892480792126a89767f7cbf4ef7a47080b208664781161ffe
SHA512 abc3fdc1c5b450b2d3fde6594aec9db65b42008d23aaae2f4241c0eae0e0d87d1815414625156766cb5e82fc52953280920f87d683b55237124c7a127096b3ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5fcabbde95ebbf25b5d5b70848bba5a
SHA1 34becbaf108c0c38e6af4968723cccd3dad3f737
SHA256 28db349d8ff4ea35eaa32d9f55474f4760dbd72bcd8875dc0241a4e0a819dc99
SHA512 86631914303782e8471050760aa2990e266c7d83d8609a67e7e32e494c2903c0e1c28c81bbdfeda30374f970411a5761c9b0e1abf9f6e66007f707fb1a54c3b9

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-26 08:39

Reported

2024-06-26 08:41

Platform

win10v2004-20240611-en

Max time kernel

133s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1732216778" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\116342b15a88fe6a8f1c984a05472945_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" www.dnfann.com

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verB0E1.tmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUGBEKKF\suggestions[1].en-US
