Malware Analysis Report

2025-03-15 05:52

Sample ID: 240628-kt2tratelq
Target: 1986242734173a6d7faeeae5165e28b5_JaffaCakes118
SHA256: 583d9ccdc1024490949aed20d307505b17a06d6c54cda4dcf638eee39cee98c7
Tags: vmprotect
Score: 7/10


Analysis Overview

Score: 7/10

SHA256: 583d9ccdc1024490949aed20d307505b17a06d6c54cda4dcf638eee39cee98c7

Threat level: shows suspicious behavior. The file 1986242734173a6d7faeeae5165e28b5_JaffaCakes118 was not classified as a known family; the verdict rests on the signatures below.

Malicious Activity Summary

Tags: vmprotect

Checks computer location settings

VMProtect packed file

Unsigned PE

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Reading this summary against the per-run tables below: the sample's own process is directly responsible for the VMProtect packing and the missing Authenticode signature (static1), the Geo\Nation location query (behavioral2), the creation of one Internet Explorer\Main key (behavioral1), and launching Internet Explorer with www.dnfann.com as its argument. Every other "Modifies Internet Explorer settings" row, and the FindShellTrayWindow call, is recorded against iexplore.exe after that launch and is ordinary browser start-up. "Enumerates physical storage devices" is listed in both runs without indicator rows, and SetWindowsHookEx and WriteProcessMemory appear only in this summary, so none of the three can be tied to a process from this report. The network trace contains only a DNS lookup for www.dnfann.com; the first TCP session goes to www.uxdoo.com and the page then pulls hugedomains.com resources and third-party CDNs, which is consistent with the target domain being parked at detonation time, while the pki.goog and ieonline.microsoft.com traffic is the browser's own certificate-chain and Microsoft online checks. Treat the 7/10 as "packed, unsigned, opens a browser to a hardcoded host", not as confirmed delivery of a second stage, and re-resolve www.dnfann.com independently before using any of the contacted IPs as indicators.

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported: 2024-06-28 08:54

Signatures

VMProtect packed file

Tags: vmprotect
No per-indicator rows recorded (Description, Indicator, Process and Target are all N/A); this is a static match on the packed file itself.

Unsigned PE

No per-indicator rows recorded; the file carries no Authenticode signature.
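The two static1 signatures above are header checks on the PE: section layout for the VMProtect match, and the Certificate Table data directory for the Unsigned PE match. The following is an added example (the editor's code, not the sandbox's signature logic and not code from the sample) that reproduces both checks with the standard library only. It assumes `.vmp`-prefixed section names and a 7.0 bits/byte entropy threshold as the heuristics of interest, and builds a constructed in-memory PE32 image with a VMProtect-style layout as its test input; the report's sample is not embedded here, and `build_pe`, `assess` and the section contents of the test image are illustrative.

```python
import hashlib
import math
import struct
from typing import Dict, List, Tuple

IMAGE_NT_SIGNATURE = b"PE\0\0"
SECTION_HEADER_SIZE = 40
IMAGE_SCN_MEM_EXECUTE = 0x20000000


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return 0.0 - sum((c / n) * math.log2(c / n) for c in counts if c)


def _header_offsets(pe: bytes) -> Tuple[int, int]:
    """Return (offset of IMAGE_OPTIONAL_HEADER, offset of the first section header)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                     # IMAGE_FILE_HEADER, 20 bytes
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    return coff + 20, coff + 20 + size_of_optional


def parse_sections(pe: bytes) -> List[Dict]:
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]   # IMAGE_FILE_HEADER.NumberOfSections
    _, first = _header_offsets(pe)
    sections = []
    for i in range(num_sections):
        off = first + i * SECTION_HEADER_SIZE
        name, vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        characteristics = struct.unpack_from("<I", pe, off + 36)[0]
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "virtual_size": vsize, "raw_size": raw_size,
            "executable": bool(characteristics & IMAGE_SCN_MEM_EXECUTE),
            "entropy": round(shannon_entropy(raw), 3),
        })
    return sections


def has_authenticode_directory(pe: bytes) -> bool:
    """True when the Certificate Table data directory is populated. Presence only means a
    signature blob is attached; validity still needs WinVerifyTrust or signtool."""
    opt, _ = _header_offsets(pe)
    magic = struct.unpack_from("<H", pe, opt)[0]
    data_dirs = opt + (96 if magic == 0x10B else 112)          # PE32 vs PE32+
    va, size = struct.unpack_from("<II", pe, data_dirs + 4 * 8)  # IMAGE_DIRECTORY_ENTRY_SECURITY = 4
    return va != 0 and size != 0


def assess(pe: bytes, entropy_threshold: float = 7.0) -> Dict:
    secs = parse_sections(pe)
    vmp_named = [s["name"] for s in secs if s["name"].lower().startswith(".vmp")]
    dense_exec = [s["name"] for s in secs
                  if s["executable"] and s["raw_size"] and s["entropy"] >= entropy_threshold]
    return {
        "sections": secs,
        "vmp_named_sections": vmp_named,
        "high_entropy_exec_sections": dense_exec,
        "likely_vmprotect": bool(vmp_named),   # section names are a strong hint but can be renamed
        "packed_hint": bool(dense_exec),       # generic packer/encryption indicator
        "signed": has_authenticode_directory(pe),
    }


def build_pe(sections: List[Tuple[bytes, bytes, int]]) -> bytes:
    """Assemble a minimal PE32 image in memory (constructed test input, not a real sample)."""
    opt_size = 0xE0
    header_len = 0x40 + 4 + 20 + opt_size + SECTION_HEADER_SIZE * len(sections)
    raw_base = (header_len + 0x1FF) & ~0x1FF                # 0x200 file alignment
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic; data directories stay zero
    headers, body, vaddr = bytearray(), bytearray(), 0x1000
    for name, data, chars in sections:
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), vaddr,
                               len(data), raw_base + len(body), 0, 0, 0, 0, chars)
        body += data
        vaddr += (len(data) + 0xFFF) & ~0xFFF
    image = bytes(dos) + IMAGE_NT_SIGNATURE + coff + bytes(opt) + bytes(headers)
    return image + b"\0" * (raw_base - len(image)) + bytes(body)


# Constructed stand-in for a VMProtect-style layout: a sparse .text stub, an empty .vmp0 and a dense .vmp1.
_DENSE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))   # 4 KiB at ~8 bits/byte
SAMPLE_PE = build_pe([
    (b".text", b"\x55\x8b\xec" + b"\x90" * 509, 0x60000020),
    (b".vmp0", b"\0" * 0x200, 0x60000020),
    (b".vmp1", _DENSE, 0xE0000060),
])

if __name__ == "__main__":
    for key, value in assess(SAMPLE_PE).items():
        print(key, value)
```

Run it on a real file with `assess(open(path, "rb").read())`. VMProtect builds commonly leave `.vmp0` as an almost all-virtual section and put the packed code and VM into `.vmp1`, which is why the test image is laid out that way; a build with renamed sections will only show through the entropy and import-table signals, so the name match is a hint, not proof. A populated Certificate Table reproduces the sandbox's cheap presence check; it says nothing about whether the signature verifies.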

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-28 08:54
Reported: 2024-06-28 08:56
Platform: win7-20240221-en
Max time kernel: 144s
Max time network: 134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1986242734173a6d7faeeae5165e28b5_JaffaCakes118.exe"

Signatures

VMProtect packed file

Tags: vmprotect
Three signature hits, none with recorded indicator rows (Description, Indicator, Process and Target all N/A).

Enumerates physical storage devices

No indicator rows recorded.

Modifies Internet Explorer settings

Tags: adware, spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f7217bd69d39dc4e9c5281d21e8e9c3200000000020000000000106600000001000020000000a948c504141dcd1a176532792c3cb678d044ec73642fc58cfe6b7990fc895cec000000000e8000000002000020000000e4780ae1ac55699d1a03ad7017bfcc641aacacd7b0436509aca6547fd69e582820000000d2e8c0c6cc3bd0b908efc5fcae82041a9ac70d73938772fcc6944d737f29aaf14000000096b146c9dd0c3ae1410abaaa9c081a8f0f3346d722349bd85b1bbcbcfc8ad8250e15128cb926a62289516e39c38e26a8dc23659ef9f7aeb95d69fd1bd92c69a2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7072a4db38c9da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{045485C1-352C-11EF-B1D1-D2EFD46A7D0E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425726732" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\1986242734173a6d7faeeae5165e28b5_JaffaCakes118.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Only one row in this table names the sample's own process (the Key created on Internet Explorer\Main); every other row was written by iexplore.exe during its own start-up after the sample launched it.

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

The call is recorded against iexplore.exe, not the sample.

Processes

C:\Users\Admin\AppData\Local\Temp\1986242734173a6d7faeeae5165e28b5_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\1986242734173a6d7faeeae5165e28b5_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" www.dnfann.com

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:792 CREDAT:275457 /prefetch:2

The third process is the 32-bit content (tab) process that the 64-bit IE frame spawns for itself; the SCODEF:<frame PID> CREDAT:<n> /prefetch:2 arguments are IE's own. The only process creation attributable to the sample is the first iexplore.exe launch, with www.dnfann.com as its argument.

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.dnfann.com udp
US 8.8.8.8:53 www.uxdoo.com udp
US 52.86.6.113:80 www.uxdoo.com tcp
US 52.86.6.113:80 www.uxdoo.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 104.26.7.37:443 www.hugedomains.com tcp
US 104.26.7.37:443 www.hugedomains.com tcp
US 8.8.8.8:53 cdn-cookieyes.com udp
US 8.8.8.8:53 static.hugedomains.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 use.typekit.net udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 104.26.6.37:443 static.hugedomains.com tcp
US 104.22.59.91:443 cdn-cookieyes.com tcp
US 104.26.6.37:443 static.hugedomains.com tcp
SE 184.31.15.74:443 use.typekit.net tcp
US 104.22.59.91:443 cdn-cookieyes.com tcp
SE 184.31.15.74:443 use.typekit.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 172.217.169.67:80 c.pki.goog tcp
GB 172.217.169.67:80 c.pki.goog tcp
GB 172.217.169.67:80 c.pki.goog tcp
GB 172.217.169.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 172.217.169.67:80 o.pki.goog tcp
GB 172.217.169.67:80 o.pki.goog tcp
GB 172.217.169.67:80 o.pki.goog tcp
GB 172.217.169.67:80 o.pki.goog tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
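The "Modifies Internet Explorer settings" table and the Network table above are the two places in this run where attribution matters: a signature is raised for the run as a whole, but each registry row names the process that performed it, and only rows carrying the sample's own path can be charged to the sample; likewise only the host the sample handed to the browser is sample-initiated traffic. The following is an added example (the editor's code, not part of the report or of the sandbox) that parses the report's flattened rows, groups registry events by process, and classifies contacted hosts as sample-initiated, browser follow-on, or background. The embedded rows are a hand-picked subset copied from the tables above plus the Geo\Nation row from behavioral2; the BACKGROUND_SUFFIXES allowlist (pki.goog, microsoft.com) is the editor's assumption about what is IE's own certificate and update traffic, not something the report states.

```python
import re
from collections import OrderedDict
from typing import Dict, Iterable, List, Tuple

# Paths as printed in the report's Command Line and Processes sections.
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\1986242734173a6d7faeeae5165e28b5_JaffaCakes118.exe"
IEXPLORE = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE_KEY = r"\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer"

# Flattened signature rows in the sandbox's "<action> <key>[ = <value>] <process> <target>" layout.
# Subset copied from the behavioral1/behavioral2 tables; the last row is the sandbox's empty placeholder.
REGISTRY_ROWS = [
    "Key created " + IE_KEY + r"\GPU " + IEXPLORE + " N/A",
    "Set value (int) " + IE_KEY + r'\Recovery\PendingRecovery\AdminActive = "0" ' + IEXPLORE + " N/A",
    "Key created " + IE_KEY + r"\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A",
    "Set value (str) " + IE_KEY + r'\Main\WindowsSearch\Version = "WS not running" ' + IEXPLORE + " N/A",
    "Key created " + IE_KEY + r"\Main " + SAMPLE_EXE + " N/A",
    r"Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000"
    r"\Control Panel\International\Geo\Nation " + SAMPLE_EXE + " N/A",
    "N/A N/A N/A N/A",
]
# Network rows in the "<country> <destination> <domain> <proto>" layout, subset of the table above.
NETWORK_ROWS = [
    "US 8.8.8.8:53 www.dnfann.com udp",
    "US 8.8.8.8:53 www.uxdoo.com udp",
    "US 52.86.6.113:80 www.uxdoo.com tcp",
    "US 52.86.6.113:80 www.uxdoo.com tcp",
    "US 8.8.8.8:53 www.hugedomains.com udp",
    "US 104.26.7.37:443 www.hugedomains.com tcp",
    "US 151.101.129.229:443 cdn.jsdelivr.net tcp",
    "GB 172.217.169.67:80 o.pki.goog tcp",
    "US 204.79.197.200:443 ieonline.microsoft.com tcp",
]
LAUNCHED_HOSTS = ["www.dnfann.com"]                 # argument the sample passed to iexplore.exe
BACKGROUND_SUFFIXES = ("pki.goog", "microsoft.com")  # editor's assumption: browser/OS background traffic

ROW_RE = re.compile(
    r"^(?P<action>Key created|Key value queried|Set value \((?:int|str|data)\)) "
    r"(?P<key>\\REGISTRY\\.+?)(?: = (?P<value>.+?))?"
    r" (?P<process>[A-Za-z]:\\.+?\.(?:exe|EXE)) (?P<target>\S+)$"
)


def parse_registry_rows(rows: Iterable[str]) -> List[Dict[str, str]]:
    """Split flattened rows into fields; placeholder rows (all N/A) carry no event and are dropped."""
    return [m.groupdict() for m in map(ROW_RE.match, rows) if m]


def registry_by_process(rows: Iterable[str]) -> Dict[str, List[Tuple[str, str]]]:
    grouped: Dict[str, List[Tuple[str, str]]] = OrderedDict()
    for ev in parse_registry_rows(rows):
        grouped.setdefault(ev["process"], []).append((ev["action"], ev["key"]))
    return grouped


def sample_registry_activity(rows: Iterable[str], sample_exe: str = SAMPLE_EXE) -> List[Tuple[str, str]]:
    """Only rows whose Process column is the sample itself can be attributed to it."""
    return registry_by_process(rows).get(sample_exe, [])


def classify_network(rows: Iterable[str], launched_hosts: Iterable[str],
                     background: Tuple[str, ...] = BACKGROUND_SUFFIXES) -> Dict[str, Dict]:
    hosts: Dict[str, Dict] = OrderedDict()
    for row in rows:
        _country, dest, domain, proto = row.split()
        h = hosts.setdefault(domain, {"endpoints": set(), "dns_only": True, "class": ""})
        if proto == "tcp":                       # a DNS answer alone is not a connection
            h["endpoints"].add(dest)
            h["dns_only"] = False
    for domain, h in hosts.items():
        if domain in launched_hosts:
            h["class"] = "sample-initiated"
        elif any(domain == s or domain.endswith("." + s) for s in background):
            h["class"] = "background"
        else:
            h["class"] = "browser-follow-on"      # page resources reached after the launched host
    return hosts


if __name__ == "__main__":
    for proc, events in registry_by_process(REGISTRY_ROWS).items():
        print(f"{len(events):3d} registry event(s) by {proc}")
    for domain, h in classify_network(NETWORK_ROWS, LAUNCHED_HOSTS).items():
        where = "(DNS only)" if h["dns_only"] else sorted(h["endpoints"])
        print(f"{h['class']:17s} {domain} {where}")
```

Running it makes the point the summary hides: of the IE registry rows, a single Key created on Internet Explorer\Main is the sample's, and the Geo\Nation query from the second run is the only other registry event in its name; the rest belong to iexplore.exe. For www.dnfann.com the trace holds a DNS lookup only, while the first TCP session goes to www.uxdoo.com and then to hugedomains.com resources, which is consistent with a parked domain at detonation time; re-resolve the name independently before treating any of these IPs as an indicator.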

Files

How to read this list: the CryptnetUrlCache\Content and \MetaData entries are CryptoAPI's cache of fetched certificates, CRLs and OCSP responses (the c.pki.goog and o.pki.goog traffic above); the MetaData file under 94308059B57B3142E455B38A6EB92015 appears many times because each hash is a successive rewrite of the same cache entry, not a separate drop. Cab499F.tmp and Tar4AB1.tmp are consistent with the same certificate-trust download path, and script[1].js is the browser cache copy of a script from the page that loaded. The table does not record which process wrote each file, so none of these can be attributed to the sample from this list alone; the artifacts tied directly to the sample are the three memory dumps of its image mapped at 0x400000-0x705000 in process 1628.

memory/1628-0-0x0000000000400000-0x0000000000705000-memory.dmp

memory/1628-1-0x0000000000400000-0x0000000000705000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab499F.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar4AB1.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d33b29cc4811cc2238a4b07a6061359c
SHA1 95584a6f1a51be1bbae748667b24b5228646cbee
SHA256 017b96d72afd558d68116c6a1ffb7df1f6e1fc57b44e7d2cd845f399abc6d6e7
SHA512 4f1854a7d304ac91949b9c0beed535786cb06efc57872a77ddd488e1770e9414e327127c0fee8756aeb17177540357c4991389e08b69c129ec042aea08e82e1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11d8ef29f2b03c62a1cf819933432cb6
SHA1 3cb6a475257aa3d802572d52e66861cc140b2d01
SHA256 967975523fe662e95c86465bd067bec465ba2874ae0eea2ccae8f91aedd7ea02
SHA512 76345e2fa7336a2605665b6e586f97d9622442597e3547842bbed2b0f878f0f1a3138d50b2a138bfe5a8b6438f9a8905f177fed9785bc557e6d0e4dad9ea6dc6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aedd0fdaa93622764c60a81737210699
SHA1 cb998974e52a0f7e2792f20df2cb3c6ab4622516
SHA256 69bcba9aba79ddf0e1dc3c61b60bc2b9875d8a7cd6579d4bb0c5420751f3c7f2
SHA512 329c2c1736865827ab84ff6f4b61f72a3abe24f86320379b04d26cf55218f563209a92453d5266734ca8800621838bb5d2d6240f06bdfc09e14f715736d26c8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb37e57fae53e95aca076e6102a90923
SHA1 e97d097084a0575b89779cd780bedfd054360c36
SHA256 4df111f6c6c8c15d8f28c20eb41d15b048f8f1ad5e94b0db20a32ce37890c767
SHA512 8852578100eccf1d79d1f2987e37bc8a74bdfc1c3ce984ffc44f86335d3eaa1ce28b74ca750912bbdcbfd4a6350995ea6d1f06d56bbd1547854b9a626b5b4a75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0407727a49614709dc597624ed833536
SHA1 31403f9d1f0a0c0468f606b7bdf8dec8cf89e0dd
SHA256 f4fca4277d2c741645ed55f45ce0a2b0c7243c8040a4e59a2e98af0556b4e8e9
SHA512 38127ea6537de30ad830dbcef432da3ad181976aa8f3e4766a6a5be4d23b5b3fe18f2d0ac798227fa82a472a18a53b2692e0cf9c31f2a2c6e24fca700884d650

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 970c2691b8b0464b97ad2b39d9474599
SHA1 c05994b0e5422d3ea22cc839eda636cc5023e32b
SHA256 ab73114fd2e2c21cd6632c8f4ed98f5b93de8b6896c47745e9fd118886671bf9
SHA512 c0a552ee3728d7b7743e6b5a71da81d1862aee57fe003e22a5020ac3b9d925561da34d9e56b1737fc5f479d727ada78b341f4807ca626a7ea27aa2c6eb169bf0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbadc425e517cc18b0696f71dd0ec409
SHA1 d3da9a445ddcc35cc986a1692304d57498400841
SHA256 3e7d66de6b67d7e7965ce133806344eb1775449bf51ee81fb460471d76aea3d5
SHA512 189b3db412ff6306992a68588c0a84b7b656207604a305cd32574586975e520f88c7cba75c0482c90bc7c3009d1d68372f1156dd7c75768860822f1f3038e667

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db7b52bf440ac3b2b222e49fa0a3c5fc
SHA1 71afcc7eec41bcd471e2c81b6118d97fc466c16f
SHA256 2560f326957a55a05153b56a752baf1752c4ba291ded89cedd1a9ecb3ca900c4
SHA512 24b3089f712885f6e9addcdc54036fb26d2fa5145d03e9f67e61a36e11da3f26e10249afc591c814e1bb95937a2671c383ed416c953642901c75b05d426ec276

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aca2ee89a763172a3937f656214930b8
SHA1 9df1e81cf36be1f73fbc7ca1adcd8065c087bcfd
SHA256 5e276e9a5ba9a92e87e3e28bf7936e2c8866e15666d1ea2612e5c2e36416b455
SHA512 83bd1a06efbcadee5f2cd6324f5f9f75881ed51acfc43dc39cd414da44a37d188fdacf7a8c83d760b42432505b8f110036774470d25e07ff4abcd39cc6daf7c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e709635aab320bfd28100d052200f90
SHA1 6f36f91e57e71b6be50684d37327943d4f3c487e
SHA256 144cb9bc4b6e8a89d3651be5a7684d1b9ccc96666ed7c127f99baba9c2c61950
SHA512 cef58def3e217ce6b726e31bfc16e8362e4b8a82a3fc8040657d4618c4b03d8cf25712f56ff1c294715ad148712649a6f78022fa12642880234d5acdda48e442

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\script[1].js

MD5 bfc517188e31c284e6f920185ef9581f
SHA1 dc44e4b0baaa94841eaf301191236605e05aac26
SHA256 2cb9e929560926259750c4d840710fbf0a7d2c8da9a9a886ee478bc362829e7e
SHA512 d3f98cf4d1b282d8d673320910acf320de861f363f522dcb1ff7720575c0d80ccd8eda85acbb5ec9867f98010ab9c0e07f2a3dc08d5f0ad0ff1a4f3f82f048cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 308f21d9a05ba01bd9f3d4677bdd4bab
SHA1 65ab7e23ba3d951216069c8d7360ce836f46bbca
SHA256 d8651b31673006231ecc91c1cdc17cd2be290a7c323125a5d272a8385765c451
SHA512 e648580952b78ea392d3e220ffe8287286bbd15814117bf1270567eaded700030bd09d930804c0afd458409b5d948409dfeb9d6d89db0f6f24b2cee1f6d9b964

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 389dc6fede6bcc97a50eccd3c6fa7bd3
SHA1 4287b033b281fbb3960fb372875b78bd69443a23
SHA256 24b2ddb4246cedf02e3bce16b6bbb41fed6053a21090e68a48aa8937bfac84f9
SHA512 10cd3017870bcac65c79f844ae03133ef82b7eb6baaf95898132a618760b9440493736e9846bc18d420d4183c992bfbd5aa536518195065bf29c3b35b7688b29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 994e4bbc6706f31c76abe8541ece8a19
SHA1 c78501990e9308bb6e5acd209e1d716b248b32c3
SHA256 1c2de3fa77cb4ce408f4f4528b3c1a0f41e3a0d4cd53a14fed84d4a7efa11ad3
SHA512 b5f5a2bacb518ddf00c43cba4a6604084fdc0eb970ef7e9bdc48129830152fccf4e888dacb3451f2e48c33f41115dadedb45a20c645663b7caca61481de53867

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9ad78c0c6fa6403966aca461fedff57
SHA1 bf55e0eed69a508b3a66dd7dfdedcd576db17967
SHA256 0d770d03e173dd8dd8e557a445b7e2162c80cf84c8e7d47b17d27ac6f0b30a3f
SHA512 869aa203b28a4bf9b3b638e3c32231062a7bc00403a5f41c80db6fc88e92f7e3c00ff623008917cc0eacecbce442824f2831ea81e2b5a04f063d980e1fca01cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fce9b691dd6c0cd004294be21f74e5a
SHA1 52a9f2eddbae29d9c5e2fb5ed210b00aff31d769
SHA256 08e0cbf2cd9bcef856a01eb5c8ffb7c48732c29b3e9e3a392374835514dc80f1
SHA512 97fc8b788909f2cf9e685ab98e3a2d0a66bfae8d2ccc56aaf76b6227c04a36e8e47159127b5c9a3f8e1a1c1bd45275b1296f2f7997e17439f1c3eeaf63ce4aac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93440d46c26a88391047606db7ec70ec
SHA1 03da41a276f803721ea84ccd2cde9136a302d5d3
SHA256 22b3e8e025fafd8b0cbf282aa1284a93655b2848e7fbccbde25fdc3acfbb6bfc
SHA512 60d8a25fbc5b63115156c6d53087316206698d26e78abc928a010231e2afc1c37c0d1c155eb6ab3c69a0aac6c6877970b3808c2dae9e6936990771f18a8c4155

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 b015e63d8dcd8b852f3f9c00922256ce
SHA1 1046e983b224ff418288451b7507aac119c2e9bd
SHA256 36333fbc57ad8950fcf509846d5e744a648c2ca2811fc73c540f9500da6a60f7
SHA512 01001032f90115113c285843e245c25ff00b725ec269cb40eeb41d3bd595a5fdbeb4c2a206d38ae5b479fb0a90f5da25c361dda25dc008ced5944c6e08e61a51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5a950c83a51edabd6eb5072bf8d3b72
SHA1 4758a2224347129a961f09351cd2a4685e8e93ae
SHA256 4ff1eef2f2eb4818dffb7e00059913cb28e723772751f08899a4c7ec44ebebf1
SHA512 523b3edfdd32bcf55f71681903050fac93bab1de4ad9c8018e3fefa9655ad6bf1c749e1ed6f36ee53905e4547d2bef460956a7fc1ee58a9c46af577d02214dd7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aca9e622b1cb55fed05b4434d55c21af
SHA1 b1dc3a3a4655397fa4823d3242560e54224005e0
SHA256 99adfb5a4c3d052e76dbfc7d0349d84dbe31057a00716110a05f605ca362a945
SHA512 c2b509ed0d6803cb6542358906ee78cc90ef2bf4784ebab5f1bff93193352056fe1b13b6211b4a9dd1740ddbe53f33482944aaeb63b4b654e14949a98e033cf1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16ac56f5f31727efce5ac42fe12e7b43
SHA1 55e6b5d7dc8302f551886c01b103e859f90ec0dd
SHA256 66834ecee83ba84a7a7028d3b25f34fb46126c8e4841c3a0197ff43230dc91cc
SHA512 29536578883060a60e92278965564c5cae944129b777fc343744b60730e791c1d1ab815fa3736a31155f2d8cf5f2934546cc96ffe5caa75f3e5edc9aeafe7c24

memory/1628-1246-0x0000000000400000-0x0000000000705000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc2d3e2a5e3e535af31e3665bb7f75d2
SHA1 908cbe4cba247a6404892fce82d31b4dae67e099
SHA256 b83738f0b9913652c1308c86ec3dac2732eab500c8da50314a17649a13e00618
SHA512 ad8b531920dd1eb0bff02f061bbedd49baa5441d48bef3035b412f487805832428f52f0eba99057ae2ba51d5e92c92202fedaa5b7f087753d388e81735defa97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 87b238817f28fb8b85d2f5379d23f728
SHA1 9b2d4992b633885abc105850a86925a1404e7d6f
SHA256 f1d46e2607598e630b5418b3ff7604d55bc3135fffb8b85600fe30c98ab58277
SHA512 8b98c79c31c822d516af9e2c8121deb26ba62cc94e2e3b7e0f92e47a9fce1620a652b342cb204750310fa5607913567bb93fb6b563aa55745c1930b57018e2d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc4e7624039f5e544dda4878e9982ada
SHA1 ad12eb45b0cb49b828d90c1479e5965b6e17fd95
SHA256 dc872f1e04e57c4e123f66a070598b53808208e416d790725ebd852aee3df8e8
SHA512 2062bab24581ab6610ccf2eae6433220e39a7bfbfb283936c0dd3541be50464ec8f3695cd19cbf79c32ed0d693eac55dfa285cc4ec96fb2858c383f3b78af4a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fc075b0ec8bfd4723a8639913acb706
SHA1 6e83307e5a6313b15e0f37e771456c93d13312c8
SHA256 8db8f68986c4fbd5a815ec87483cf4a657bfed3b6ad6f4b2bbc74a998bfda627
SHA512 1172bbbbd5d6e13799d44807d5b442e9ee725162a1eaf17d74ce89f0cb6a7a8ae360b5cdee64c0f8321a19720dab5dfdfc5f91198e3167e599eddedfd674856a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5304c8acbb5a76568bd4fee23957494d
SHA1 19ebc062813fcfb904717c1652d466b8433b12ca
SHA256 af965134749cf1525f141b26851dd6e572cd09e39f9d3ff4c16fd7188fcdb50e
SHA512 addaf37c0842181adaddd03701b46910e56a4f82401f551d6670b29b3d6d3be90471299b815768411c6eb7867241e0c7fcd44f8814967ea9b010f0dc2e313245

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 038ff2b7ce2715d6394ca1f30901dbb2
SHA1 7e223381ab1350481d87df3bf26339fdc111aaf7
SHA256 278eddba010a43b79b00b8d037e0f8062038cbecc0fe9ed53d8addeba274a2ad
SHA512 a17a6e10a3c1c6a227b53aee4797b7e0effd005297c2bede68996d9a9781b42fdaee22fe37dfa5ef8966402f0416d9a98e0d5b1ff330361b9a576e3652490361

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc150d5c37fe62b1e19740d539ebb9d8
SHA1 8a4b6d0ae99b50834c669498b9b11e25993ce460
SHA256 97c8bde7c09124b26be2a878905a34a66ba1e1f6f14235eee08716d95eebf5e4
SHA512 794f4c454c0a04ef4b9ccce4ef4240e56075f9f8267b5c4387f0d8eb86c88aeb186b35561c224ca165b1d61ce01edf7bee0f80e1e4fbb8f1871d50e7d4b9aea0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61dc83b74f147d66c2aa5fa679891b28
SHA1 0c684e2adf0cc9d7cf71eb6855d1ec87e828289a
SHA256 f5fd60d6bb897bce2d416ceb765c9efab503763fd5cff42a2e6a4847f038d224
SHA512 918e1b4fb687f461e770735d3096487f79b751406dd317b63a896805e261ad4c471704728370f8d30bb926365496e917a788324573dc872b28c2feceb3ea1b94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e89066270a6ce3212b34ba14091bd28a
SHA1 a8fd18eb2ca5f44c1762f24ce13a8ad8a69ea7c3
SHA256 040b10b7897a61158f4bdd16a358690381d5f2c7d20538d9b752316512066088
SHA512 34814bac3ad5ef1c3716c4c80919d5634d5fa52719720bf2ff422db06e1372f168b066a49ef012cf154210083718248201fb7e48dc0cd637dc6da19442fb4c2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 6e636f4345f702ee627c62d1815512cf
SHA1 841f729eb119a9a1bf73f6e2777f01e4158c71a3
SHA256 371fb7a2cf4b41a228d09092b45ab46563be790973e5d4a8227409d5f828aab2
SHA512 6fdb1ea827ed065c3d6340c647e95d326494638f964e888db0bb0a4a1cb25af9cdc64a735de981f7fd54de5cd36e2269fb63fecb43660bbd10c0b54a1f54a4e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f83c178edd060a769ef9610ed1242322
SHA1 df30e7e8ea0f72f5acefd66caefb71c86456f0ab
SHA256 fd3bd07a962cf944ec8278f8785ef0bd2019096095b80212e33a785744e6ca78
SHA512 2549399e0e6368903401a3f4c51689cf19d5452b24afc718ba6768c9f873f24b64bd9e410acf52fc29ef5811faf5dd9cfc17c0c4299c16a7cb82969cab50ec40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05a9486210da331b28e22e75212c2374
SHA1 100fc1e85f93fe2313102fcb6e505a82b6082f7b
SHA256 60f133bcfea1a2a7f5cada335e101c51984766076dc96a97bba351b1f8b10c9a
SHA512 bf9f3d5acf52b137af86ae9b786268ac5f1d0fa0a78e8e1eb49c7880938450ac466fc6c0e174302fa206af2627f6c75a721853a9e579f23527a27541a2f4e5e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fdcc6f9cedfa3ad9c4b96189fcaccba
SHA1 75d1b0e50eaaea202dfe6e7ce2ae0db9a7cdb5a1
SHA256 f3e653f0334059af48b94e12c48d9709c351b1d28db6def087c6be9174587a7b
SHA512 5219d14558e7419984705209633d06723d58ce225e24be375d8096ddb0692ffa9e8ef7236b740516fb23e65ce249fef39d980202f533dd117ded1da3c73e7046

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0eb78554d314b05527f26d2cba0f4b2b
SHA1 c056c884c946b47b8c123226e4fbf673fac950df
SHA256 653a42ec99705c85558c90a49e8f6e13ae62b3d83626a7008cb2873d37b94fff
SHA512 a7a4ac7cdb19de2dca5b2b018019960cefd74f51e72e9d36e7e134eae3e6752c0353645ed57dd4294a35d62de433909ed0cdbc5aec05c65c0d38764ba04b27af

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-28 08:54
Reported: 2024-06-28 08:57
Platform: win10v2004-20240226-en
Max time kernel: 141s
Max time network: 159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1986242734173a6d7faeeae5165e28b5_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1986242734173a6d7faeeae5165e28b5_JaffaCakes118.exe | N/A

Control Panel\International\Geo\Nation holds the user's GEOID (the country set in Region settings). Reading it is a common way for malware to skip victims in chosen countries, but installers and localised software read the same value, so on its own it is weak evidence; it does show that the sample, and not the browser, performed this query.

VMProtect packed file

Tags: vmprotect
Three signature hits, none with recorded indicator rows (Description, Indicator, Process and Target all N/A).

Enumerates physical storage devices

No indicator rows recorded.

Modifies Internet Explorer settings

Tags: adware, spyware
Description | Indicator | Process | Target
Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31115576" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fea8ac7b1719d7438b2b1567698ec946000000000200000000001066000000010000200000000f6e9d55907d17eb7715696d32f1dd61c9bf1b1cdb5db054abb7779a24afcf9d000000000e8000000002000020000000f7a4592c0edfd4306407990a349f4107dc967def01a994ac09117ef6b6863c9d20000000bf014855665e1c93d298496111e530ff87fad28c9c8d5c7e6daedebd9e204903400000002c5b014676cf18c2dc03082062af7aafb7d5bc8c31167e1ce4f919c18bc45cb0fcea0dc855883fc4555288ec1260d466cda53b69ca5c2af8e732680db8a279e3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3856107226" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c01248e838c9da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31115576" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3803607057" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{0E0EE713-352C-11EF-B9F7-6257B05D87B4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A

In this run no row of the table names the sample process; every write belongs to iexplore.exe or its 32-bit content process.
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3803607057" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 805162e838c9da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426329860" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31115576" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fea8ac7b1719d7438b2b1567698ec946000000000200000000001066000000010000200000002904df9a6dfcd65ce28cd5b70a4b4152bdaf906a4bd953c2705da2c1732a75d0000000000e8000000002000020000000daf8d8e0cd3fee427c300c4e2d1a86720f98a90518c49af5aee41250e6fb67f720000000f8acf4ab6d3d28815f369bfb69a2a0870bbfc7fec569a675552ae33c1d0711e34000000050ed63fec4abc6c7f4f790c6dbf5948290a1a48eb33ceb39d8ade10e99634fb03e4eba16a0e6ac2665e024965f79a4e6d0a6d1011eaf46b3012f9d42ff484627 C:\Program Files\Internet Explorer\iexplore.exe N/A
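Reading the rows above: every write is made by iexplore.exe (the 64-bit copy under Program Files and the 32-bit copy under Program Files (x86)), and every key sits under the user's own Software\Microsoft\Internet Explorer subtree (TabbedBrowsing, DomainSuggestion, VersionManager, Recovery, Main\WindowsSearch, GPU). That is what IE does on a first launch in a fresh profile; the sample process itself writes none of these keys in the rows shown. The signature fired because the sample started the browser (see Processes below), not because it reconfigured it. The DecayDateQueue value is also IE's own: it begins with 01000000 followed by d08c9ddf0115d1118c7a00c04fc297eb, the little-endian form of the DPAPI provider GUID, so it is a DPAPI-protected blob tied to that sandbox user's master key, not data the sample planted. The Python below is an added example, not part of this report: it parses a constructed subset of these rows and sorts them by writing process and key path. The rule that IE writing under its own subtree is housekeeping, and the sample's executable name as the only "interesting" writer, are assumptions made for the example.

```python
"""Registry-row triage for the 'Modifies Internet Explorer settings' signature.

Added example, not part of the sandbox report. ROWS is a constructed subset
of the rows on this page. Treating writes by iexplore.exe under its own
per-user 'Internet Explorer' subtree as first-run housekeeping is an
assumption for this example, not a rule the report states.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Executable name of the submitted sample (from the Command Line section).
SAMPLE_EXE = "1986242734173a6d7faeeae5165e28b5_JaffaCakes118.exe"
# Per-user subtree IE maintains itself (assumed benign when the writer is IE).
IE_SUBTREE = "\\software\\microsoft\\internet explorer\\"
# DPAPI blob header: version 1, then provider GUID {DF9D8CD0-1501-11D1-8C7A-00C04FC297EB}
# with its first three fields stored little-endian.
DPAPI_BLOB_PREFIX = "01000000d08c9ddf0115d1118c7a00c04fc297eb"

# Constructed from rows in the table above (Description / Indicator / Process / Target).
ROWS = [
    r'Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{0E0EE713-352C-11EF-B9F7-6257B05D87B4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fea8ac7b1719d7438b2b1567698ec946000000000200000000001066000000010000200000002904df9a6dfcd65ce28cd5b70a4b4152bdaf906a4bd953c2705da2c1732a75d0000000000e8000000002000020000000daf8d8e0cd3fee427c300c4e2d1a86720f98a90518c49af5aee41250e6fb67f720000000f8acf4ab6d3d28815f369bfb69a2a0870bbfc7fec569a675552ae33c1d0711e34000000050ed63fec4abc6c7f4f790c6dbf5948290a1a48eb33ceb39d8ade10e99634fb03e4eba16a0e6ac2665e024965f79a4e6d0a6d1011eaf46b3012f9d42ff484627 C:\Program Files\Internet Explorer\iexplore.exe N/A',
]

# Operation, key path, optional '= value', writing process path, target column.
ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?P<vtype>int|str|data)\)) "
    r"(?P<key>.+?)(?: = (?P<value>.+?))? "
    r"(?P<process>[A-Za-z]:\\.+?\.(?:exe|EXE)) (?P<target>\S+)$"
)


@dataclass
class RegistryEvent:
    op: str                 # "Key created" or "Set value"
    vtype: Optional[str]    # int / str / data for Set value, else None
    key: str
    value: Optional[str]
    process: str

    @property
    def writer(self) -> str:
        """Basename of the writing process, lower-cased (IEXPLORE.EXE == iexplore.exe)."""
        return self.process.rsplit("\\", 1)[-1].lower()


def parse_row(row: str) -> RegistryEvent:
    m = ROW_RE.match(row.strip())
    if m is None:
        raise ValueError(f"unrecognised row: {row!r}")
    value = m["value"]
    if value is not None and len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]          # int/str values are quoted in the report, data is not
    op = "Set value" if m["op"].startswith("Set value") else m["op"]
    return RegistryEvent(op, m["vtype"], m["key"], value, m["process"])


def classify(ev: RegistryEvent) -> str:
    if ev.writer == SAMPLE_EXE.lower():
        return "sample-write"            # the sample itself touched the registry: look closely
    if ev.writer == "iexplore.exe" and IE_SUBTREE in ev.key.lower():
        return "browser-housekeeping"    # IE maintaining its own per-user state
    return "review"                      # anything else, e.g. IE writing outside its subtree


def is_dpapi_blob(ev: RegistryEvent) -> bool:
    """True for REG_BINARY values carrying the DPAPI blob header."""
    return (ev.vtype == "data" and ev.value is not None
            and ev.value.lower().startswith(DPAPI_BLOB_PREFIX))


def triage(rows):
    report = {"sample-write": [], "browser-housekeeping": [], "review": [], "dpapi-blobs": []}
    for row in rows:
        ev = parse_row(row)
        report[classify(ev)].append(ev)
        if is_dpapi_blob(ev):
            report["dpapi-blobs"].append(ev)
    return report


if __name__ == "__main__":
    for bucket, events in triage(ROWS).items():
        print(f"{bucket}: {len(events)}")
        for ev in events:
            leaf = ev.key.rsplit("\\", 1)[-1]
            print(f"  {ev.writer:14} {ev.op:12} {leaf}")
```

Only rows landing in sample-write would need opening; for the rows shown above that bucket is empty, and the one DPAPI blob is flagged separately because it cannot be decrypted outside that sandbox user's profile anyway.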

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1986242734173a6d7faeeae5165e28b5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1986242734173a6d7faeeae5165e28b5_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" www.dnfann.com

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.uxdoo.com udp
US 52.86.6.113:80 www.uxdoo.com tcp
US 52.86.6.113:80 www.uxdoo.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 172.67.70.191:443 www.hugedomains.com tcp
US 172.67.70.191:443 www.hugedomains.com tcp
US 8.8.8.8:53 113.6.86.52.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 www.dnfann.com udp
US 8.8.8.8:53 www.dnfann.com udp
US 8.8.8.8:53 cdn-cookieyes.com udp
US 8.8.8.8:53 191.70.67.172.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 static.hugedomains.com udp
US 104.22.58.91:443 cdn-cookieyes.com tcp
US 104.22.58.91:443 cdn-cookieyes.com tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 104.26.7.37:443 static.hugedomains.com tcp
US 104.26.7.37:443 static.hugedomains.com tcp
US 8.8.8.8:53 use.typekit.net udp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 172.217.169.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 172.217.169.67:80 o.pki.goog tcp
GB 172.217.169.67:80 o.pki.goog tcp
US 8.8.8.8:53 91.58.22.104.in-addr.arpa udp
US 8.8.8.8:53 229.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 37.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 40.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp
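Most of the table above is noise that comes with any sandbox run: 8.8.8.8:53 is the VM's resolver, so every udp row is a DNS query rather than sample traffic in its own right; the in-addr.arpa names are reverse lookups of addresses already seen; and c.pki.goog / o.pki.goog (certificate revocation checks) and ieonline.microsoft.com are browser background traffic. What remains is the browsing the sample triggered: iexplore.exe was started with www.dnfann.com (Processes above), that name was queried twice and no connection to it was logged, and the connections that did happen go to www.uxdoo.com and then to www.hugedomains.com plus the hosts that page pulls in (cdn-cookieyes.com, cdn.jsdelivr.net, use.typekit.net, static.hugedomains.com). hugedomains.com is a domain marketplace, so this looks like a parked-domain landing page rather than live command-and-control infrastructure; that is an interpretation of the hostnames, not something the report asserts. Two connections (20.231.121.79:80 and 13.107.246.64:443) carry no domain and one DNS query has no name recorded, so those stay as bare indicators for manual review. The Python below is an added example, not part of the report: it parses a constructed subset of the rows, drops the noise categories, and flags launch targets that never got a connection. The benign-suffix list is an assumption for the example.

```python
"""Candidate-indicator extraction from the Network table above.

Added example, not part of the sandbox report. ROWS is a constructed subset
of the table (Country / Destination / Domain / Proto); BENIGN_SUFFIXES is an
assumed allowlist of OS/browser background traffic.
"""

RESOLVER = "8.8.8.8:53"           # the sandbox's DNS resolver, seen in every udp row
# Hosts Windows/IE contact on their own (CRL/OCSP, IE online service); assumed benign.
BENIGN_SUFFIXES = ("pki.goog", "microsoft.com")
# Host the sample passed to iexplore.exe on its command line (Processes section).
LAUNCHED_HOSTS = ("www.dnfann.com",)

# Constructed subset of the rows above, in their original order.
ROWS = [
    "US 20.231.121.79:80 tcp",
    "US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp",
    "US 8.8.8.8:53 www.uxdoo.com udp",
    "US 52.86.6.113:80 www.uxdoo.com tcp",
    "US 52.86.6.113:80 www.uxdoo.com tcp",
    "US 8.8.8.8:53 www.hugedomains.com udp",
    "US 172.67.70.191:443 www.hugedomains.com tcp",
    "US 8.8.8.8:53 udp",
    "US 8.8.8.8:53 www.dnfann.com udp",
    "US 8.8.8.8:53 www.dnfann.com udp",
    "US 8.8.8.8:53 cdn.jsdelivr.net udp",
    "US 151.101.65.229:443 cdn.jsdelivr.net tcp",
    "US 8.8.8.8:53 c.pki.goog udp",
    "GB 172.217.169.67:80 c.pki.goog tcp",
    "US 13.107.246.64:443 tcp",
    "US 204.79.197.200:443 ieonline.microsoft.com tcp",
]


def parse_row(row):
    """Split one table row; the Domain column is absent for bare-IP connections."""
    parts = row.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = None
    else:
        raise ValueError(f"unexpected row: {row!r}")
    return country, dest, domain, proto


def is_benign(domain):
    d = domain.lower()
    return any(d == s or d.endswith("." + s) for s in BENIGN_SUFFIXES)


def _new_entry():
    return {"ips": set(), "ports": set(), "countries": set()}


def extract_iocs(rows):
    """Return ({domain: details}, [bare 'ip:port' connections]) with noise removed."""
    domains = {}
    bare = []
    for row in rows:
        country, dest, domain, proto = parse_row(row)
        if domain is not None and domain.lower().endswith(".in-addr.arpa"):
            continue                      # reverse lookups the sandbox performs itself
        if dest == RESOLVER:
            # A DNS query: remember the name even if no connection ever follows.
            if domain is not None and not is_benign(domain):
                domains.setdefault(domain, _new_entry())
            continue
        ip, _, port = dest.rpartition(":")
        if domain is None:
            if dest not in bare:
                bare.append(dest)         # connection with no name: keep for manual review
            continue
        if is_benign(domain):
            continue
        entry = domains.setdefault(domain, _new_entry())
        entry["ips"].add(ip)
        entry["ports"].add(int(port))
        entry["countries"].add(country)
    for entry in domains.values():
        entry["queried_only"] = not entry["ips"]   # resolved or queried, never connected to
    return domains, bare


def unconnected_launch_targets(domains):
    """Hosts the sample told the browser to open that never got a logged connection."""
    return [h for h in LAUNCHED_HOSTS if h not in domains or domains[h]["queried_only"]]


if __name__ == "__main__":
    iocs, bare = extract_iocs(ROWS)
    for name, d in iocs.items():
        state = "queried only" if d["queried_only"] else f"{sorted(d['ips'])} ports {sorted(d['ports'])}"
        print(f"{name:28} {state}")
    print("bare connections:", bare)
    print("launched but never connected:", unconnected_launch_targets(iocs))
```

The queried_only flag is the check worth keeping: a host the sample explicitly opened but never connected to is either not resolving or was blocked, and either way it should not be scored as "contacted" in a blocklist feed.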

Files

memory/3108-0-0x0000000000400000-0x0000000000705000-memory.dmp

memory/3108-1-0x000000000067A000-0x000000000067C000-memory.dmp

memory/3108-2-0x0000000000400000-0x0000000000705000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\script[1].js

MD5 bfc517188e31c284e6f920185ef9581f
SHA1 dc44e4b0baaa94841eaf301191236605e05aac26
SHA256 2cb9e929560926259750c4d840710fbf0a7d2c8da9a9a886ee478bc362829e7e
SHA512 d3f98cf4d1b282d8d673320910acf320de861f363f522dcb1ff7720575c0d80ccd8eda85acbb5ec9867f98010ab9c0e07f2a3dc08d5f0ad0ff1a4f3f82f048cf

memory/3108-80-0x0000000000400000-0x0000000000705000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 fa34ecb8815a2d98849888cb1cdbf38b
SHA1 84fd0e04586009efb3683c98da8d9aa41487cd42
SHA256 5077a54924f80491a74ed78bbd73ff7bf85a27caddb80ceaa9ccb86f8b9a11be
SHA512 ccfdb76ccedd0076601e17272d346229e2b9c0dd884c09bb7701b32c5dc177da8a91bb539ce751297d8ea44716fc497e8a337a9499c93a474ba85915f28f1053

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 1f68ccc1e206567017fb645498758797
SHA1 be6b6d0c2566f07cc7c5a73d18f2a14869a7ebaf
SHA256 7a746e4661767db55a9194ce12b02aad1f6299108ef8e16cf6f8c757eccd7f65
SHA512 cd642d16c5e519579e76025e82f82f418a57f40e2da9b56d3ec94b008921bb0029b8d8e542174dc8d03ba07e34ccd01768874a48603f47e71935ed5989121f9e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
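The memory/<pid>-<seq>-<start>-<end>-memory.dmp entries are region dumps of process 3108 taken at successive points in the run (seq 0, 1, 2, 80). 0x400000 is the default image base of a 32-bit PE, so the three 0x400000-0x705000 dumps are snapshots of one process image and the 0x67A000-0x67C000 dump is a two-page slice inside it; for a VMProtect-packed sample the latest full-image snapshot (3108-80) is where to start looking for code the packer has already restored in memory. The report lists no PIDs, so reading 3108 as the sample's process is an assumption. The remaining entries are browser-side artifacts rather than files the sample dropped: script[1].js sits in IE's INetCache, the CryptnetUrlCache Content/MetaData pair is CryptoAPI's cache of certificate-chain or revocation data fetched over HTTP, and suggestions[1].en-US is IE's DomainSuggestion download, consistent with the DomainSuggestion\FileNames\en-US registry write listed above. The Python below is an added example, not report code: it parses a constructed subset of this section, checks that each digest has the length its algorithm requires before it goes into a blocklist, and picks the dump to open first.

```python
"""Parser for the Files section above: memory dumps and cached-file digests.

Added example, not part of the sandbox report. FILES_SECTION is a constructed
subset of the section. Treating PID 3108 as the sample's process and the
region at 0x400000 as its PE image is an assumption (the report lists no PIDs).
"""
import re
from dataclasses import dataclass, field

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}   # hex digits
HEX_RE = re.compile(r"^[0-9a-f]+$")

# Constructed subset of the Files section above (four dumps, two cached files).
FILES_SECTION = r"""
memory/3108-0-0x0000000000400000-0x0000000000705000-memory.dmp

memory/3108-1-0x000000000067A000-0x000000000067C000-memory.dmp

memory/3108-2-0x0000000000400000-0x0000000000705000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\script[1].js

MD5 bfc517188e31c284e6f920185ef9581f
SHA1 dc44e4b0baaa94841eaf301191236605e05aac26
SHA256 2cb9e929560926259750c4d840710fbf0a7d2c8da9a9a886ee478bc362829e7e
SHA512 d3f98cf4d1b282d8d673320910acf320de861f363f522dcb1ff7720575c0d80ccd8eda85acbb5ec9867f98010ab9c0e07f2a3dc08d5f0ad0ff1a4f3f82f048cf

memory/3108-80-0x0000000000400000-0x0000000000705000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 fa34ecb8815a2d98849888cb1cdbf38b
SHA1 84fd0e04586009efb3683c98da8d9aa41487cd42
SHA256 5077a54924f80491a74ed78bbd73ff7bf85a27caddb80ceaa9ccb86f8b9a11be
SHA512 ccfdb76ccedd0076601e17272d346229e2b9c0dd884c09bb7701b32c5dc177da8a91bb539ce751297d8ea44716fc497e8a337a9499c93a474ba85915f28f1053
"""


@dataclass
class MemoryDump:
    pid: int
    seq: int          # capture order within the run; higher means later snapshot
    start: int
    end: int
    name: str

    @property
    def size(self) -> int:
        return self.end - self.start

    def contains(self, other: "MemoryDump") -> bool:
        """True if other is a sub-range of this dump in the same process."""
        return self.pid == other.pid and self.start <= other.start and other.end <= self.end


@dataclass
class CachedFile:
    path: str
    hashes: dict = field(default_factory=dict)


def parse_files_section(text):
    """Walk the section line by line: dump names, file paths, and 'ALGO hex' lines."""
    dumps, files = [], []
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DUMP_RE.match(line)
        if m:
            dumps.append(MemoryDump(int(m["pid"]), int(m["seq"]),
                                    int(m["start"], 16), int(m["end"], 16), line))
            current = None
            continue
        parts = line.split()
        if len(parts) == 2 and parts[0] in HASH_LENGTHS and current is not None:
            current.hashes[parts[0]] = parts[1].lower()
            continue
        current = CachedFile(line)        # any other non-empty line starts a file entry
        files.append(current)
    return dumps, files


def validate_hashes(files):
    """Catch truncated or mistyped digests before they go into a blocklist."""
    problems = []
    for f in files:
        for algo, expected in HASH_LENGTHS.items():
            h = f.hashes.get(algo)
            if h is None:
                problems.append((f.path, algo, "missing"))
            elif len(h) != expected or not HEX_RE.match(h):
                problems.append((f.path, algo, f"bad digest {h!r}"))
    return problems


def unpack_candidate(dumps):
    """Latest snapshot of the largest region: where unpacked code is most likely to be."""
    return max(dumps, key=lambda d: (d.size, d.seq))


def image_snapshots(dumps, base=0x400000):
    """All dumps of the region starting at the assumed image base, in capture order."""
    return sorted((d for d in dumps if d.start == base), key=lambda d: d.seq)


if __name__ == "__main__":
    dumps, files = parse_files_section(FILES_SECTION)
    for d in dumps:
        print(f"pid {d.pid} seq {d.seq:3} 0x{d.start:08X}-0x{d.end:08X} ({d.size:#x} bytes)")
    print("open first:", unpack_candidate(dumps).name)
    print("digest problems:", validate_hashes(files))
```

Diffing the 0x400000 snapshots in capture order (seq 0, 2, 80) shows which pages the packer rewrote between them, which is a cheaper first step than stepping through VMProtect's handlers under a debugger.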