Malware Analysis Report

2024-10-16 02:26

Sample ID 240703-r9b2lavdpp
Target 22be9cca6e4ec3af327595b890a92fec_JaffaCakes118
SHA256 04c9240d425bec07742dd99d6f75e2205383ef804f2410c8274ff2e74be74ad4
Tags
isfb gozi
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

04c9240d425bec07742dd99d6f75e2205383ef804f2410c8274ff2e74be74ad4

Threat Level: Known bad

The file 22be9cca6e4ec3af327595b890a92fec_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

isfb gozi

Gozi family

Executes dropped EXE

Loads dropped DLL

Drops startup file

Enumerates physical storage devices

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-03 14:53

Signatures

Gozi family

gozi

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-03 14:53

Reported

2024-07-03 14:55

Platform

win7-20240508-en

Max time kernel

147s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe"

Signatures

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk C:\Users\Admin\AppData\Local\Temp\netmgr.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ C:\Users\Admin\AppData\Local\Temp\netmgr.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426180332" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4ACB7C11-394C-11EF-A1DE-66A5A0AB388F} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F9257231-394B-11EF-A1DE-66A5A0AB388F} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426180261" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2844 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 2844 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 2844 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 2844 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 3016 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3016 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3016 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3016 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2868 wrote to memory of 2644 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2868 wrote to memory of 2644 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2868 wrote to memory of 2644 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2868 wrote to memory of 2644 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2644 wrote to memory of 2824 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2644 wrote to memory of 2824 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2644 wrote to memory of 2824 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2644 wrote to memory of 2824 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3016 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3016 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3016 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3016 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 2940 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2416 wrote to memory of 2940 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2416 wrote to memory of 2940 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2416 wrote to memory of 2940 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2940 wrote to memory of 288 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2940 wrote to memory of 288 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2940 wrote to memory of 288 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2940 wrote to memory of 288 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3016 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3016 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3016 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3016 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2700 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 3012 wrote to memory of 2700 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 3012 wrote to memory of 2700 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 3012 wrote to memory of 2700 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2700 wrote to memory of 1692 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2700 wrote to memory of 1692 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2700 wrote to memory of 1692 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2700 wrote to memory of 1692 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3016 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3016 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3016 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3016 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 1752 wrote to memory of 2196 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1752 wrote to memory of 2196 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1752 wrote to memory of 2196 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1752 wrote to memory of 2196 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2196 wrote to memory of 2724 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2196 wrote to memory of 2724 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2196 wrote to memory of 2724 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2196 wrote to memory of 2724 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\netmgr.exe

"C:\Users\Admin\AppData\Local\Temp\netmgr.exe"

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\perf2012.ini

MD5 4c3b39e182df4229534b78cfa45e61b5
SHA1 69441cc35b9bd9489ca554109596fd2fc661ca0e
SHA256 cf77c00bbb500e962a13ce734c22fe1b6fafa73df7a3c49f5f6a0c6c29f43928
SHA512 0fee4c3a5f845acf1dffb2fa2179db23fb4fa2a3cf8f09d56ec0f140f9c60af6cf252f5fd1549439d7746d23679a2860592752828f00c10a143c097bb2bb307b

\Users\Admin\AppData\Local\Temp\netmgr.exe

MD5 9c1c2825532b25e266d62db50952ab44
SHA1 4ed0bf16b967f68dc3d3ae857700f0ee02d78306
SHA256 2f73ad3dc5bc16ba73876c8d9ba6c744cf9ea695cc644106165c72a5eb4fd79d
SHA512 b10507a54bea115d5fe766397a7658c98cc26496987b1646ace58db1c9b5f9503d86393bb022093e5d0a697bc4f617a68d8e8caa4d5c778c423b04ea192300bb

C:\Users\Admin\AppData\Local\Temp\netmgr.dll

MD5 ad63a41ca3b73254128c05217f91005d
SHA1 d7ad7a0faea886963227f8a712de81ba1419d405
SHA256 d600529ed11ce48f4748814978e0ef47306470811a3273df012d38346895db9a
SHA512 939c5289a93b3619b1e81c9f21c8731ba097dc04d0533279e6f9bf9e6dc057f0815dfc2004204efb7a8d0a3cbdc136fcf42eec3ed1daa30e0614e3fcb3c48797

SHA512 d46b6680c664403b52285d7d6974e8a473ac4f3ed824c8a6d53fda630e8ff3bc87c0cbc7c83d4c5b35c8ba867eb16dd80f22d98ac8f4f991a9480f2a9cb92654

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fce97d913b00882bd70abd0b8a9785b3
SHA1 188f671b0e1d5636a39b77e463f7338363f2bbc3
SHA256 4122f0e1aef58abaaa617b4613aa4fcdfd6ac67ab0564163326fc5f37f7b2f0a
SHA512 0a4dbd9a8e2e1510814e56704247f2f028f6a6822481bdb757b18a5348ae3d0ccf0ebf846642bd157951cf7953603c86bbeec9f82347288cdd9571896fcaf69b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0d0cb18adcc2c0d8bc7f1453eafbc88
SHA1 09bf7984689763451af6a7082abfeca9f9b5b197
SHA256 f556b16af4cebd3a2bf5a557728de0bcb4b0a5311ebb65317afca8da606cbb6f
SHA512 454f2e2a531915de14003d2ea10829c67c1a5517fda3fa2ff0a42f10dd826e469230f4a1308168116d1b4e7d0e7d1049f8830a61618f9c179edb6e23c6f10511

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 766768b92fc210de51c5bd7e74be3597
SHA1 c2e70ab53fbc09957569a1cd9597bf711bd1c3ac
SHA256 34eb023e2ee5d5d2483cda90e639ecf85961c71f461f22959e4d761b9e9a5a96
SHA512 1f30aa805bbe697aefa5a70c15ddaf7e1d9d241be6111c66f4a51a4e0b098ec52eba80635edf5943bb3a8d2001225f958d12596af947a1ec4b47d4ec53061fdb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ccfbcd34666a20830a89b32166b6fda
SHA1 fb5644d4ac68162ba77dedef6ab870c3b27bed36
SHA256 215b8ea89924b2e1d8aa96db9b499bccb53ed4aac0154117f25e9d038cf96175
SHA512 b85f457688d2c089f8450797de1d1b2c40d075e5fa674e27f198e0624bd6d936b9a2f435c17dec896b1570ef1e53e75036a409e3e6bf7b545fed97f36188efdc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 26d9eac12229479824231e6159b7b62e
SHA1 8af96ec4cc5cdd64050268136c731710970470f8
SHA256 396242584f6a1ff9bff0d82171ba97a489593070342aae1cef4934eac085af66
SHA512 05da31b4f5a127b497ac897d1e077aaa3a1f3e43bbd72e6677abd522f9bb1ed6995579d8772cd536742660f111c77ec9445f62f966763ae36f6ff01d9173f51c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8eb38757c14f28f02e0e37586af325d9
SHA1 7391a76451ef55442eb035d1a026a10dc9a6b10c
SHA256 ff11fda68a6a33aece9270a6e07b9dc65ad244ebad91bf411a0c88ac74aa561b
SHA512 92d38513575057208475e14451445f30bc5887f6673305d8371433f534f88fb4c10df7a32c83e5b5f4486c00a8efba0cc5527743ba48a82e7ddff83ec84d09b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76db30929615aabe96657ce5a9287f56
SHA1 2413963761e94a16439ed1b2d0db30bc02fac026
SHA256 7dcab62a5de7a940c235a242931018d4df4d6179fd7918c6b25f5962bde99fdb
SHA512 8f855ddaee4de761205dbf8143482319b203069b0a2b17f2bf1118d1210cd2f2107f7ae4caa39834b040c44a1ea45db4fd6d290e37281b7cc0a2c57ca0dea161

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bcd58681c315e0204b878037ea5045f
SHA1 81d1173970da3853e3ba9b901b248c05bc4399c3
SHA256 1efad56c9be3e3d316e5af7dfd0b7dae667220ceb341fb0e7d1b251b315a3f61
SHA512 6c22183bceba4cc532ee0486e40d31d1328a017e5cb10fe9528ea0b19449f5fd45e6ded6fb40b64554b6a19d989936d81c675ed0892a00a607712e4d54502b72

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FC643211-394B-11EF-A1DE-66A5A0AB388F}.dat

MD5 d359ed87da9f86dd4869d29a2262782f
SHA1 96e52e03c139d9972c668809202f70614231419c
SHA256 46987c62cd2fa38d1c00ff55444cbf065019e3c359498b5940650f7a6738c484
SHA512 ae40681f39de1e50b8d74692d061c008c952284695a52327658895f674d858c7a6f299593e3bbaf89496d98935a06ee1c8cc3e70fbffa230647ef4ddfbf298e1

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-03 14:53

Reported

2024-07-03 14:55

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe"

Signatures

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk C:\Users\Admin\AppData\Local\Temp\netmgr.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ C:\Users\Admin\AppData\Local\Temp\netmgr.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2690B64F-394C-11EF-8383-C21B8D59DC13} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31116632" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3544142767" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31116632" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31116632" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31116632" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3542423459" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31116632" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5800000000000000de04000065020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff720000001a000000f80400007f020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{FAF5F475-394B-11EF-8383-C21B8D59DC13} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4E506AB1-394C-11EF-8383-C21B8D59DC13} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3478829653" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426783371" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{FEC9DA51-394B-11EF-8383-C21B8D59DC13} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 640 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 640 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 640 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 1048 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 1048 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 1048 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3564 wrote to memory of 2392 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 3564 wrote to memory of 2392 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2392 wrote to memory of 4792 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2392 wrote to memory of 4792 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2392 wrote to memory of 4792 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1048 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 1048 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 1048 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3060 wrote to memory of 536 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 3060 wrote to memory of 536 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 536 wrote to memory of 852 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 536 wrote to memory of 852 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 536 wrote to memory of 852 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1048 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 1048 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 1048 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 3280 wrote to memory of 3600 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 3280 wrote to memory of 3600 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 3600 wrote to memory of 4116 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3600 wrote to memory of 4116 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3600 wrote to memory of 4116 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1048 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 1048 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 1048 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 4572 wrote to memory of 2080 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 4572 wrote to memory of 2080 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2080 wrote to memory of 4952 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2080 wrote to memory of 4952 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2080 wrote to memory of 4952 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\22be9cca6e4ec3af327595b890a92fec_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\netmgr.exe

"C:\Users\Admin\AppData\Local\Temp\netmgr.exe"

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:536 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3600 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\perf2012.ini

C:\Users\Admin\AppData\Local\Temp\netmgr.exe

C:\Users\Admin\AppData\Local\Temp\netmgr.dll

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FAF5F475-394B-11EF-8383-C21B8D59DC13}.dat

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verBDD2.tmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\suggestions[1].en-US

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FEC9DA51-394B-11EF-8383-C21B8D59DC13}.dat