a200a06d84d2ef07b91a6dee173a4169eafaacf388263bb2788e96fda6715525

Analysis

max time kernel
143s
max time network
147s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 06:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe
Size

16KB
MD5

215f2a434f313170cb52c496c9d2dc19
SHA1

1f3ff22c075a2ca922b16303006f61705ebeaa1c
SHA256

a200a06d84d2ef07b91a6dee173a4169eafaacf388263bb2788e96fda6715525
SHA512

a161551f4fbf9634c4e5c06599e7b826791d638bd6e812bc98f0499c4548d36c5ac35908b0eea4329752b37b786c191c2f7bf2809ccaa6e8c19766009d0facf1
SSDEEP

384:H5yESya4zSCuYFIenZd/7DMxAHLb1cq4/fQFwqUm2+q:Z/2idDDMxeb12QFnUuq

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "4"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\Version = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 10bc11c111cdda01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BCFC4AF1-3904-11EF-AE27-76C100907C10} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E15529D1-3904-11EF-AE27-76C100907C10} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{05ABA751-3905-11EF-AE27-76C100907C10} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2348	IEXPLORE.EXE
1356	IEXPLORE.EXE
2280	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
2460	215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe
2348	IEXPLORE.EXE
2348	IEXPLORE.EXE
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE
1356	IEXPLORE.EXE
1356	IEXPLORE.EXE
1568	IEXPLORE.EXE
1568	IEXPLORE.EXE
1568	IEXPLORE.EXE
1568	IEXPLORE.EXE
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
556	IEXPLORE.EXE
556	IEXPLORE.EXE
556	IEXPLORE.EXE
556	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2348	2460	215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe	29
PID 2460 wrote to memory of 2348	2460	215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe	29
PID 2460 wrote to memory of 2348	2460	215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe	29
PID 2460 wrote to memory of 2348	2460	215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe	29
PID 2348 wrote to memory of 2760	2348	IEXPLORE.EXE	30
PID 2348 wrote to memory of 2760	2348	IEXPLORE.EXE	30
PID 2348 wrote to memory of 2760	2348	IEXPLORE.EXE	30
PID 2348 wrote to memory of 2760	2348	IEXPLORE.EXE	30
PID 2460 wrote to memory of 1356	2460	215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe	34
PID 2460 wrote to memory of 1356	2460	215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe	34
PID 2460 wrote to memory of 1356	2460	215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe	34
PID 2460 wrote to memory of 1356	2460	215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe	34
PID 1356 wrote to memory of 1568	1356	IEXPLORE.EXE	35
PID 1356 wrote to memory of 1568	1356	IEXPLORE.EXE	35
PID 1356 wrote to memory of 1568	1356	IEXPLORE.EXE	35
PID 1356 wrote to memory of 1568	1356	IEXPLORE.EXE	35
PID 2460 wrote to memory of 2280	2460	215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe	37
PID 2460 wrote to memory of 2280	2460	215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe	37
PID 2460 wrote to memory of 2280	2460	215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe	37
PID 2460 wrote to memory of 2280	2460	215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe	37
PID 2280 wrote to memory of 556	2280	IEXPLORE.EXE	38
PID 2280 wrote to memory of 556	2280	IEXPLORE.EXE	38
PID 2280 wrote to memory of 556	2280	IEXPLORE.EXE	38
PID 2280 wrote to memory of 556	2280	IEXPLORE.EXE	38

C:\Users\Admin\AppData\Local\Temp\215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\215f2a434f313170cb52c496c9d2dc19_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://tt1.05885.cn//down6/down/?s=C2E3D1B0AFC2A2E7B6BEB4A385EBBEF1&t=7/3/2024 6:23:19 AM&v=C1ADDEE3B1C2A2E9&n=CABEE3AFB6DAA7BFBBBFB8B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B1
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2348
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2760
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://tt1.05885.cn//down6/down/?s=C2E3D1B0AFC2A2E7B6BEB4A385EBBEF1&t=7/3/2024 6:24:20 AM&v=C1ADDEE3B1C2A2E9&n=CABEE3AFB6DAA7BFBBBFB8B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B1
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1356
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1356 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1568
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://tt1.05885.cn//down6/down/?s=C2E3D1B0AFC2A2E7B6BEB4A385EBBEF1&t=7/3/2024 6:25:21 AM&v=C1ADDEE3B1C2A2E9&n=CABEE3AFB6DAA7BFBBBFB8B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B1
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8677983330f466f8ef8aa119eca8117

SHA1
b25ec7dc057cb15beb9a3f9f35b835083ccf3a12

SHA256
6e2b927d481acc9458273b46c70af692215256c19bfa3ffda226771b15bb506f

SHA512
1f65e6a6d6acb703732124867819f3e4da413199b28d136727900a4ef92b6747d420168eeb1b27450c3c8933684beb6f34c51c233b27cba1efbc0e85d99db55c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b4ab1af0b51a52dcae424a5bb902998

SHA1
b47ece99049593cd0e113b835b68e07812acd8ec

SHA256
53520bcab7fbbcde5f55d64bb6b7e7d32795be35edd834c9ee7486ed5d761f2e

SHA512
15cceb74156ff89265508ed77f73a837b2dbf8c3507e8d62831d06e62316bb7ffc1dbe5ccf49a35b209ef82aace1348df873ff1ca5dd941b2790e41c62f8f5c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4372f469cb54203396cca16d54e858f

SHA1
dffd686561b4320a98620e426a817c9ea85910b7

SHA256
1ba856fce345020822ad5f741b6f52f97b4049f19c8de46451e76ebcefabafb6

SHA512
798f6c6095a13f430e6702c42e2efbc6875a10129bc9d41e69a3c21b387bb415a6e123e5da303863099aae997296209ba50aa8b0dbf776513c4e09f4366d01f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ba4cb0b88534b87d675fd800799e8c3

SHA1
4d3ff427330c30d532f7d7e519a4fe13304ccb71

SHA256
4683c9d02dcad38cc951d235639ccdfd2046b1fcf9d707152428634c469cf9de

SHA512
d8ca58012c23de1da62529f2bab9908020620b8ec919fe672d73f95ea9dadfe88e7c3ef5032643a0aa78908c11c04237240aea978d9b9f47059b8f5a9fdb135f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
208c18c9d93cad9c15c003b536a4ba50

SHA1
dba45aded37875e4a2d16ed119c33339a6e1bcc2

SHA256
ae455113a319554952b399d43de1c7ba39a4532e330aedbc454c837a9aebe72f

SHA512
f024ff6e0b3ef7a4f0a45e66158315e3fffc0abd79aad8abded40d7c350f36fd70c9064157673466c3cef79ce0675f38533b1d11de3a7450ff9d4d3390d8040e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7dd1d997bbaaf3e7190623c763b6a052

SHA1
ab1fc09dda24d46dc36e0b46f5aad69ce1ae405f

SHA256
7a921f717d17838977176bc56c508453dfd376920870fb5dad5c5af223de7adb

SHA512
d549d5d51c6be8c63c2cdf77b9b96e2cf801576987d1c5b6f42ff0772db23608665fb7c4db1d604b404f6ef1b30451919b534dc3da9fdb7c069522baddb51033

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e20e6b79e099e35a4a9c3ca0513dd9af

SHA1
ea2d8292f342c9768392d91a7fb017908ca4a1ec

SHA256
9cccc6749ceb528233d51e5cc40d62118f443c22223404eafe5428d3d9cbaf08

SHA512
4af9e7bfed13bd280c849a4cab62f4d02a89eb6b4fd8178c7468e211385d13aa4ff12089e4f4167b69110dcd4996a505df9e3346c63091a58a32d8ffd3634adf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ffdda76d0cd830188ff4ce3ba8f53a4

SHA1
85b6223f81f862471b52dd360611e583615a378d

SHA256
0706ad50738b2bb52dd876a0227919814f31149c1925302fefea56bb0ff5093e

SHA512
f5c8397b06a55aae3b6cf688d7bcc5e3ce408212a7ac5c1c6a4cadf77824d0232a204830b35023ad09d037f5ab947ddcf83f44a86119f16615f06d5542b63fac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4b48beea5f5205ab0d9b9f5f993b239

SHA1
d043b81940b454c41f09dec2c7c50476d647262e

SHA256
8701783d9fe158559b97c5df415aa74cdab0703206e4fb1cc55856a5286f3f56

SHA512
a8b4c735e447e1e15d0fb21ffc148536b91adeba84673b39d832d4ccc0beb69f364c2a41ffa31cfa0e12d02b826089bfc38f1a0e1533ee433817ba073c5e4bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2704ead60fae866af8e952bdb0f9e41a

SHA1
4ed1b0ed5f10006cc27f5529c5e0a5bab73e90c1

SHA256
2f0010e98da20b956f6b532ec4504990e04933ae262246411ac23046ad2e182b

SHA512
100f8f5f473cbc6fad83c0a2dafb682d9f6243cbb2505377fb1857a1b908608f181896fcfa1f327df61d01206266978997df83093778ccb010cd74bb58521b31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9f79fef4e9a9b065ccf845105defba0

SHA1
eaa3ec288c00b51120bdac8743e6c976e372ac04

SHA256
d7c5f77aeac35e92c486bb3356383b61b98b0f5f15c9c5fd42564cfeedb95d8a

SHA512
5ec5a0958550b9807d58bdf191b97602919e65c4d9ce7267f971ab401f34b8167e1c46f014aa169dc76c336116ce631fe1f4314451713f63ca0cea28d2724175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
195a08b701f66165dd361b51fe0d6689

SHA1
35163822b336bb310b6a9e8032b3ecf63efdefaf

SHA256
a45c8fa6bb7eee587d5dff79b69497bff84e25f01cfa25b5b8e761e83c0927bc

SHA512
07e2f378ea8a0a8efcb7dd8673fc2f8b564101bf0018964c437dd7641fd0bf9ee3991b6bf12028c4ca794f721ea0439c22330dbdb739734165158d6ae0210f39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
698a9a4561ec19034ac4e77914bb7b63

SHA1
c2fe9b1212c86b053acf0e9128000ae52278f05e

SHA256
566a35b7c873b200d7afe3b304f9f2abb600e490642c7b113195c042dc0cdd79

SHA512
1ac20ea35caa0008651898bae2d5e2fa854ae464f095c5441da3b83c985e691c977351d4a5641294c382af12c8b12fa9929598dcdea167d82cb5673ca37b2761

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70219abab99e2cafb1a1f3e549475119

SHA1
fefc17fd5a57d27c64badd05f23eab467fd84a7d

SHA256
258d0f08813eaf9487ed39caebcf9427a11a18b3a9faf700987e5c2ecd5d145e

SHA512
8c155a5e3e7c7f76e698da99a9fad7d914e671fb251fc032b0868c361691d1259174080a389e7401a05f99fc41b391ec70b597b9c1cffdff5ad2920cee15e37f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
602944ed2b335852c4581560308eba56

SHA1
8bd9cbb1bffd8274aded524b5e5b8d24003dd615

SHA256
11e9741e69c36a448469aec42221ede3404b697f59b2043009a8ffe1c4666b45

SHA512
8f23681957633fc6a2e468cebe041dbc3dab577485f5de000a5fe0dd1daf460daa6cf2c50c8d591824a3394027c3e4d4a827691f1f17a881a9f8224f2868e854

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa25b94016a78322521ef4af54c6c8e2

SHA1
33c091cc7e18cfae277fbc56cf3481d049095ed7

SHA256
f1ccd31b6e10e34f6b3cceedd54aa9a0755d60cb242e6ce9a2940aa70456d6eb

SHA512
70042cf0c2435689999e66392b88da84cd92dbe0016ea426ac7259e749394cbb0c240a4640b548c49fca9219b3777f9570f7358ab5dc2b5895011cc148018810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4e3046c567f99298d0cb97d5c773868

SHA1
cf134f715bbf8126b4e68e4c4b8738b72128f7a9

SHA256
93e573b16bff1ea55c48ef8793afe41854768cd11870c6e383c63886e37b79f0

SHA512
20e898e1a2fd18b752d1ccd46dcb671acf7e7ab717d53423ee516bfc6596ee3714732fbd997d4057c1cc720328f84089d509bbcaa846b4b94e9434485eef44c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37d89024b0ae3a15130c40234cf36afa

SHA1
05e7be8af7d104c771ec00f98e8cc2a5256a19a7

SHA256
07dfd7502a641b7cca6db07fc1749d0b1640d04448acb41bf9bd26dc5f2e3fb2

SHA512
8c89fdc2a284482044b0d3081938fce0e2e41529a887f1f7fc5449c63c2faaf5f8a51b5ba119269a803c07ebc9f7ad5f612f55d68cf44495be14fa9c260dd817

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8fc169617beda53ce604922eed70c49

SHA1
ec1080d1b84d36da05ff8eab0b254f5a72705407

SHA256
a765edd1d35b4c60e20bebda5a345c050b9332aaa86a5cb351e36cf4c146b5a5

SHA512
b2a0370a122e55830956a6cd569210b71feb21c4b49a4c1b0557d9247c713f971d72c1189894a8ed65eb18bac4a10097a69adaf8ab31799e6f8b30a0bfbaaa12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b41f3dd3d42b257d7f9624aa1847fa8

SHA1
2bddc772509090e3b82ca739572d460886169828

SHA256
750048caca9a538aa24ba29901bf257e4ff709545dc63aede17b7f8417e5cf38

SHA512
79d0a25cf07f48645992f8248dc41474fbc4b6d056fbd4a7d36856786542bc6034c60a92be24420594eba28c46608903c6d75a7ddc3cb60dfa4bc690158ef708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BCFC4AF1-3904-11EF-AE27-76C100907C10}.dat

Filesize
5KB

MD5
2497a8597fd7c511af43e94e366eb3ba

SHA1
8439ed5f8fdaea4d458fc7da9cbd4a6e50dcf707

SHA256
3380feee469d3df1580ebe8ef50d7af964db93414664e6c4e0b92ab42a1d2d28

SHA512
5a549460726b9c16e5935b3c520236d30ebf99db3cc3bafb0055e978beaa294aefc28c62259ec9a3a6595ca02b99e7b798b45c2d16bce3b36a12067cf2aabde1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E15529D1-3904-11EF-AE27-76C100907C10}.dat

Filesize
5KB

MD5
6c78db5be72620b671bd4d5a67346b45

SHA1
17c04784652c68daaefbb67dbf862226e2d0e12a

SHA256
65640d0aaa62989d8c134d610e76e3c6cbcdde45cee424df506fa77d09f0911e

SHA512
00db5951937aeb5616bddb3b784227814d35f9b282536192c353f03f7eef8cd0534a0b23bea24ce5748598629d743fc2b4f5e57afd34259ca07a279e917b92c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BCFC4AF3-3904-11EF-AE27-76C100907C10}.dat

Filesize
5KB

MD5
b2a912b603860ab702f027609b1cb435

SHA1
05e2189110df0ec95762995430fb7719e3bb8854

SHA256
0323e364e1ab862baf1fdae0880d324744f9516626f7316f545632bf3070a092

SHA512
70f66d6a0e27738119885f3f1d4a8372590a29489ed492b351786ce83873d3d8b78820f8c1b82dc9e639538001080d4fc6508c44e720f6e97620bc4a475e9dfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C65490D0-3904-11EF-AE27-76C100907C10}.dat

Filesize
3KB

MD5
730d9bd10e929e5a48e09d27b4c796fd

SHA1
2775eabe919b2ad02ac5df1d08209147235895f9

SHA256
3f2ccf566c88fa4bc09ef2d33b41bc68271f07615a59159351c26adef1c66a0b

SHA512
4ad015a24b7a34f9038670243798d451e6e2a5a37d179b42fdccd23b734db5d1db3d94d4e1bd92947469211239c1e3e05a178d12a01334e4fa5379e45e29e146

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC813.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC8B6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2460-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2460-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2460-4-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2460-6-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2460-490-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2460-935-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download