Malware Analysis Report

2024-10-16 02:23

Sample ID: 240706-vgehsswbmn
Target: 28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118
SHA256: e575c39549529d79d3346a5bb09cf7b484083a83c56db65c5db686a41da9a2bc
Tags: isfb gozi
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: e575c39549529d79d3346a5bb09cf7b484083a83c56db65c5db686a41da9a2bc

Threat Level: Known bad

The file 28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

isfb gozi

Gozi family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-06 16:57

Signatures

Gozi family

gozi

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-06 16:57

Reported

2024-07-06 18:24

Platform

win7-20240705-en

Max time kernel

147s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe"

Signatures

Drops startup file

Description | Indicator | Process | Target
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk | C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ | C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

Tags: adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426452083" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426452012" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426452017" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B15E5181-3BC4-11EF-BBDF-EA452A02DA21} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff6f00000019000000f50400007e020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2672 wrote to memory of 2768 | N/A | C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 2672 wrote to memory of 2768 | N/A | C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 2672 wrote to memory of 2768 | N/A | C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 2672 wrote to memory of 2768 | N/A | C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 2768 wrote to memory of 2916 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2768 wrote to memory of 2916 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2768 wrote to memory of 2916 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2768 wrote to memory of 2916 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2916 wrote to memory of 1656 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2916 wrote to memory of 1656 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2916 wrote to memory of 1656 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2916 wrote to memory of 1656 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1656 wrote to memory of 2596 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1656 wrote to memory of 2596 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1656 wrote to memory of 2596 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1656 wrote to memory of 2596 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2768 wrote to memory of 2844 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2768 wrote to memory of 2844 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2768 wrote to memory of 2844 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2768 wrote to memory of 2844 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2844 wrote to memory of 2932 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2844 wrote to memory of 2932 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2844 wrote to memory of 2932 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2844 wrote to memory of 2932 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2932 wrote to memory of 932 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2932 wrote to memory of 932 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2932 wrote to memory of 932 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2932 wrote to memory of 932 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2768 wrote to memory of 2096 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2768 wrote to memory of 2096 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2768 wrote to memory of 2096 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2768 wrote to memory of 2096 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2096 wrote to memory of 2492 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2096 wrote to memory of 2492 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2096 wrote to memory of 2492 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2096 wrote to memory of 2492 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2492 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2492 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2492 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2492 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2768 wrote to memory of 2140 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2768 wrote to memory of 2140 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2768 wrote to memory of 2140 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2768 wrote to memory of 2140 | N/A | C:\Users\Admin\AppData\Local\Temp\netmgr.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2140 wrote to memory of 2072 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2140 wrote to memory of 2072 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2140 wrote to memory of 2072 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2140 wrote to memory of 2072 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2072 wrote to memory of 1892 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2072 wrote to memory of 1892 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2072 wrote to memory of 1892 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2072 wrote to memory of 1892 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\netmgr.exe

"C:\Users\Admin\AppData\Local\Temp\netmgr.exe"

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2492 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp

Files

C:\Users\Admin\AppData\Local\Temp\perf2012.ini

MD5 be919e08cff35d70b8480d4bf8bdf454
SHA1 90ee59d40bda7c0cda1459a1b0a1cf273aa5b0f2
SHA256 79ac1266ea8f4c90f6eee8f806f7103a0608a0bfc8f7b665fd39cf5bd3984687
SHA512 7f368fc8a648c7d2d88c58b54f3d6fb3e37f5f196cb9b85d8f57569a1032cedd8ae4476f4e17b5c64fa5acf2c94a44e8e4a052dab1beff714f4bd0098439c93f

\Users\Admin\AppData\Local\Temp\netmgr.exe

MD5 4c8950da250ea135ee77a2644af414ba
SHA1 a261f0d651a05fdcf97c0e35326c0d7bace137ef
SHA256 70480daaf97bfcb10fd793ffea9e90e1fcb84861415d14a3766a238a29cf30f7
SHA512 f1f17d24b34a905cb4ee09538e4b5283dd4eea97918c3d8cf9634b3f7daf6e891be7439fb5c1193c2a994137ae145bb958266bcba180b54dc064a07fb8e8f1d0

C:\Users\Admin\AppData\Local\Temp\netmgr.dll

MD5 c0c093987a55fe9ac61e6e2b5a362d51
SHA1 52126b81560e3319518c50058c86a8c5fce0d3d1
SHA256 5c7d07858c7d01156a7f624d86b16e948a4630a2388d0c3cc1be86bd95f4858e
SHA512 716e9dc694a1544be5730cc8b82a4a73d4f8763408c80fe38a61d66cc201d9cc440510b036dfb49d2b1353b827a7628c389e833678860e358c72951deea1c7ec

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B15E5181-3BC4-11EF-BBDF-EA452A02DA21}.dat

MD5 4ff025514cc822b85eb32101c9455b5d
SHA1 abe2f4551f22f7deef6b0eefca349607ffabe9b9
SHA256 eeb693f83cf24a104c1ad5decaa7fe345c3197ec349eb97adf851aadb07bf990
SHA512 312305a0f51f2385ca1cf2be4414ede461c7f1d15a15a96de930d6547567e45c2dbf39c0462df76d7fffa737614a2e5240d27d412279f5449199a49c65b9d345

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\Cab51F8.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar5269.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f7d74dc1acedffb15dd0a8ff961dd88
SHA1 cb9fb623135236e8e83d63495d9a15966c0076ad
SHA256 506a5bc5876477e4f6a0f6fe4d5d541ccde64a0939a976cc07d8e723790d51fb
SHA512 b679e128fadc1f5bdcf06b8ca6b15563ffff8f6251b9ecad706b62ede32225623574032939a828af446845826e14216e9e49f3b6df60ed482d3fc6f498766597

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7116a040f5ce35e2454a6ba589922e9b
SHA1 e271ae31f09f907e2985aea74aef704a493a0922
SHA256 9f8793b9a68b1a9473453fc172e380aa36530fa6b0287bf1f105fd172505c762
SHA512 333c910c6ea604db316eabf1e98e1d4169fb5828a4c278b58d59a4e694fb830350a1b10aeb93108fd1c4e1c335574a4dc708cf024bc0d7e1cbef9979b4771f0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8bdff3b0f6b4ed827b7a6a9827bf8029
SHA1 5f9759f915b87f8a573dd78f48130b5351723484
SHA256 44c87f0030cd030fed95b1daeee31745a63ab80da9f559a53fa5e31fa3eecccf
SHA512 7367eb1d747e916fab2cd66654d4ffbc97e5893ec34ad9596cdc09b07a619ce1f9992aea1a5e4eeeeec5a7e19226398bae2706fa662653887e7db1864bbf8fd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa7f4606e35055fff6521e3ae884fa21
SHA1 a274be0509cb2772d19bfb6b26f4355a35cc7c2a
SHA256 497ec832c824402345e0ce3167e81ba81ac88ed466141bfc7db268cec9337033
SHA512 25eac91724f77a2cd1d1ca00e67f62e93cee820aca568fb1c4c77b50d0b6f23f68ebc952239ba21dfe2f5bb4367eb21cf5323fdd84bbdda4ff0ebd1b63eab257

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9daa1a565cdf49a6206c09878993da75
SHA1 9768fb1d209bfa22e4835f8d60582ab996bb2235
SHA256 5ba54d15292bc1e428e6203c086f11eb0452e4a0064078b8a910c2f25d0cddf4
SHA512 62c66b571a00ab4ed70b4a5b8ca4f4445530b6ea454a52d8225aa765ce79dd1a5a6c496594a63f1912c01e25895d1602dc0d666d44dde998e7bf6ad56bf8704b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f203f70651711e084644a5f6186ae8b
SHA1 17f891d291656158cabd413d1a8f8032e76dd358
SHA256 beb8d68002c346d530df36996732c6fcaca3fb4caca6a791c401747c7121b71d
SHA512 32158c948b8fe225bdcad96d86f28244a0dfed0ddbc24170d68f544db317fafb08fb9b1be34b6236af9cc61a6302c15dc703785d8ae1ae1ed88f70c21e2c73db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea54adbc43059d42b2474b22e016790b
SHA1 2e6f0bcd24edf07ee18c48dd9a2ea25367607a29
SHA256 7db574f77b4cb99b62f411455af672a542c99e11afcc5fb885015aff93890eae
SHA512 3bb42af05e78bb0cc90f1fde5e2c9ca8e89f541e28826987ce79225613e5b7f7a126e6e15f75086f98954d77ba3a089b41a2505005c137a2d7da06c8ed2f3d99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24807202871bfb4efccea49cfef7dade
SHA1 c92977c62827826df7610b792c0c3291de3eea5e
SHA256 5f7e2a2bf0722e3266098f8cf68fd290c7e5b90f02604fb8dcd9d5b42f11d85b
SHA512 dea8aca94880381df505aa1e05da8e187b72f69491f789b8c1ff1f22b014b669920718a446f13df50476770ca19f4f38a603d8ac532ed850770d3ddf305c34b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 335f48073dddd91199160e30e8e54442
SHA1 4b1ed1cc303a9c80baa74a7319239ea73490fe8f
SHA256 f4eef46ae3723734ee480f806c4c070896478d56eae2298e897b19eac6cb5676
SHA512 7d70762a326bad9b93128bb71a088b5a0fd4651004a5dccf84b91b2d6a0b5aeabcd7595cfcf9864506b23c218e10cd636d358d3aa603015478c299dcafce99a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bd975060e56b4a22b1b8d26b80708de
SHA1 9a3b6bbeae788004279377b6ba1345adafe3d7c2
SHA256 df2c49bafbcfc6f5c74791ed1fb1c04259def1e90a6cddd0fe3e2da09b52a871
SHA512 97902ab1bf4429c85780d2d7a8a7f48a530d92ec5e4ed348ffe302d02d6f4d62c9ebb85716641341f1e95d48c47d81421f11121d7c8289d3e7a04c32edc2f98e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f376794a7850e2daf6dc4bc7526598d
SHA1 362d5f15cf4d8a0021517636d456812fe5abd117
SHA256 d6c28afb7d454d884be1c9cc001be481f0066384d10a0660094111e10787408a
SHA512 46012b1805fa9e4920f595f551b0be3e00a15fa1c1809fc491cef2f0235e300eaa84a6a324bf818f18d175cf47a4becee7387d6b03de657a882829b5e99ff6e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e24d87c8adbd4db50a517c8876703b0d
SHA1 944006fc73be1bc45db7a9fb7e445b4458017797
SHA256 063dba5d9c707c875a42883c845d752239a3cbeafc5ac7f0a983d702ccdfc1ed
SHA512 715567a12095b489a78b07b54a2eabdf239d3aca6fdf48c06258a5e79cf45fb4f5560d94e326d81c2e7c796963384e2d4e3d3c2d20dedf9bc4b004be3a09b42d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d3242e533245fc8f2980d2f179a0151
SHA1 f80ea99b508a3ef5202c6337df6a7b570ac9b4ef
SHA256 7359541c6c10c626d2e98c08d5b34d39577e8318a7867509f3da60aac2a81a2f
SHA512 7c61941c3f2489b1f35dd97ab35bc81ecdac76c59385b4e90e149dc6e9894fe437478a4622125cfdd75d73841c5a59efbcc5b3a509fb33e263a6dbc696278626

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4dbcac381d2db847b09eafd2de4100d4
SHA1 ada7e8efc19dfdc64d2ee0bdb7f21030f4356fd7
SHA256 a96a5c967f2036d708b60566a5ad28efb4a9e8948b15a441406b5ae4547d9216
SHA512 c354f72c512676d8b6be6f9ddd3f9011fad82cbc6387ca7381797bda3436802e673b1f47d30d9391e9321d12f8e0d33e5036193daf02051a383cbac2392c4306

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5df07cbcda8e2749c9ec1de56c6a6cba
SHA1 62cd114c949a0d685e3e908a89112e01e58b234a
SHA256 b416e41fce456d339ec0bb53b7ec63cbe47daf45edb8aa4007970197ae13879e
SHA512 e9cc11bedc240007a478c59bf3322958afa27dffac88b3bd667237024a145ebc46ec81552c746dcc6370d495ccfe5f33c4a367f1441cae0d43d9779db76b8714

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6feb66098c5a263f952eb10f13a2e9e3
SHA1 eae45c2b635354569bffffe96626fcb72bf463bc
SHA256 d7b16fcf3bf71dd80ba5c47a53e817781970229c3ea6d470357018b5921c5c17
SHA512 b29d8c203fbf4ccccc476a9da911b6c8eb61004268c1f45d1d67bc5ad43c3ae1428e36bfe12a84873e8e7cc106ca50a07ff544fd5072fdc9ebe78271972e2960

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6c1f0de85881626abd08516e4cef0aa
SHA1 ff51f3756f784715a1d3dbc77ccac7276e8cbc23
SHA256 4fae6c0156edba7fc6b658a0fad206bb4a0f79f160b70acf25ac6c693cca6766
SHA512 893a92f85a5b59cbcd88122f87330a7b9097539800e3c47f99138328cd2a85addc8afd2768d940baf72466b85ed15dac3763beec61e38218a995ee7573a4ba3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eca57745bfa8bbb2659e39550d7053e5
SHA1 b93c3d11add0f1684f2f955003f3892297ad8256
SHA256 0f9694c099dc80c3051b95107f6bbf3855a1910416031204060da6965c9b3214
SHA512 8256f297f7fce044b56dc3d88b70ed0443f9df01eccb98e6e7158e989375e464a5411e88252634e9894ec2f419ffce6766cf6aa3227847eb1daacd685ebf5d0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32193888df6455eae4b9c50498e4e46b
SHA1 77d61bf3aa162bea37c1d27bc854f179a06c18d1
SHA256 e5dc38f9817752ba493a5d22783f688fd183f0c7466dc52e839fe05ff5cd68ab
SHA512 466db526f3fe5d507070a72e0a770c67fa65d1b34d1ebaa99d80587f6ce6f179ecfa219260cabb3d4727a3705a53a8a4be836a78b2215c7fd024e8ef2c659d7d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B4A696E1-3BC4-11EF-BBDF-EA452A02DA21}.dat

MD5 c6de2c77f0fcee18bfe39286b7316c4c
SHA1 e8a1023f020b5cb4cb2ee74a394d35e8b1727947
SHA256 b9c214e0e607eef9c79613925533129f1e95a4033152ee4f0604189b8b1821f8
SHA512 25cf9a409416f6002b83f337fe5d6d15bccfe43b5eb184041f369ebc931f0c397cb92825b03eb27acc27f756ace76388ad0aca25d757e621e512720a626031c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a221ad2969ffe0af6e1c165045f03ba1
SHA1 5b8c958297a054e0b777fbb027ef9235015dde2e
SHA256 b9e93904cec2815211502358a9d7a3b993da08f4ef39ae857e4170259054ffdf
SHA512 3f68160d68cd9c5c76bf907a7e18b1fa5a45f71e81bf156cf08e86e3eaa2489788e98409e525cde7bf5d250ff299a27f0c37dac817656a1ed3e1b7ce3cec6255

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 919ed75e41469dadc694a8b1ace64678
SHA1 2a20fdb2fc04dce7e1fd08638e1098fae8ae93ff
SHA256 bf07128ffcaf9249344a1734e9534251e64fbe159546cbd19e175b31c84dd03c
SHA512 61081b44a2199a74c48f74ecc9103db8544eed0d24c9b7a1cbb62335e7649c034e94d7334f90564c01069651d0c5e2fe622e243ee805e653e8c6535ce0374465

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92e49d0cc346b746bb4f26dc11a3d790
SHA1 8ea6590389fda1489a1d9990b04c0bb102f85819
SHA256 04073a55ffe8b5aaeb10373914f421707a41c4caf8f7d84962f61aa8c8d3dafb
SHA512 c5a43218958c71fc09211aa2e6c059b03377eed3b2f54038ec51d20bd884754ac0ef7b1cc1fd40626d419497be1d63cca2e0d57043ba4d91558db59d0218cd98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd0fe0ca2acc1a39aeacdb1557a73171
SHA1 2598222d1655135f75af21608060e0c4d73e39c0
SHA256 9713fdd4696115b4f516c522854b3d817bf56cb791740d52e0d39988e2e6e4ca
SHA512 7516921ba1dff681979c1792fe9e41910fcdba0b2719b10a20d13374a0c479fda21895326ca1bf3a4fb7407b4db9dedff3882eaf46f36e911eb257483b7209b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e68193903fdf0cff07cd2ab3202e862
SHA1 a9a5a4b39b196eafed472075497d6cdb8978876c
SHA256 e8982985b4f3911b23659520fe8b36b9d22eec8b2a9faf62599d4d5ce45300fa
SHA512 d20105e37cf3f175bf784cfe36787f18aef26cb7aba7be23eba96a866f3d71b02e99a325cc0966cf66cb7572fe9aeeb67fa87ca96a6ef1c7d5bf89be6d97dbb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 038fa008f88379e98b286891b293531c
SHA1 45b14cfea7f15e8b005ddf6ecf92ead8f9003f23
SHA256 d2fb22d715342523019608362dc5642e9f96254f3648d40f25e8eea572d685c5
SHA512 6078bac8db751826fb2f8003cae240866571c870524c3e74260d432a84e2185c510d9dbb4c9ba4c345f5567ea9529e8a34efdc948b4b8410636f691af769ad53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d09630eb20891cd1ed4dd45b9c4b8aba
SHA1 9b9166a4f461d1706a63bae68e11515330cbfc4e
SHA256 1965fa7e5daaa1ca6a119fe4bd57183b69cad8ff68e1f61d1cac27732f0b9f8b
SHA512 70a15b8af88b602d827243a721ac6f8558137d0f783fd40d65e1b8ae32836505cb72209bae62e4b925baebf98fccfaeefd543a398ad41463ad98b704622f6329

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cdc095732a6fb6d82a258c307415b4e
SHA1 cdc618d4b3587977a5181bc9392dbaeac28fa8b0
SHA256 65c874a62ffdc28c030b20bb0cf361e2937bd1b645f3317db113db03a590f212
SHA512 5f8e39eb4e6a76bd6b1c24739baac8cd5b04e720f157b1064fc6fcc4ad03d4a16d575e19dfe99c1e791c292233891b1a6a7aca7cee19e140c118ec3f24ef9f73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a0a9b9ec33936d23bf87110d1f333dc
SHA1 2a1a31f2c5f440018a8fee8437f5ed61a8f30010
SHA256 8e18e369eec6dae9ca63af4e5b785591dcd2a2bb2e16a2148e4f13221f1d35c8
SHA512 271a18c9519379ed9612b0c50099684776fe39fb88f42c61c7c214706315008bc2d7c1792895afc505df8fd36288718e00113f9113cd058f90ad208ef4fac27a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B4A696E1-3BC4-11EF-BBDF-EA452A02DA21}.dat

MD5 adadb4e252a9daa165010a22ff7909f2
SHA1 97e4304ceb9971e08ef2ce7593816dbae1319424
SHA256 eb2080636f5552b54c16cd04156b67bac5d9ef619afdfa37cb0fb8a0077fdabb
SHA512 d05fffffad44391fdad265488568d462c8bc8615293db4fe369c70764794aad7b0d13731ac94523282fb258a19fc472fb70a163dc22305324a5903fe75a0799a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5fb9bcd1ef1a7ea8b5ce1c3b36c7a04
SHA1 e9e913cb3f41cd1d5c33114dc5622d900a8f4914
SHA256 63f156be4db29f6da5eb1b98b30acd9177c891a166c8b10c41c6b90330621df5
SHA512 0668cdd276503238cc22226daf82c45abc545e06d339e91ddbf6b4d3c6e2617e971434a1f969cdf4f3bf722189e37b6ebe64212b0ad17cc1f92190d668c3aa35

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-06 16:57

Reported

2024-07-06 18:27

Platform

win10v2004-20240704-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe"

Signatures

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk C:\Users\Admin\AppData\Local\Temp\netmgr.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ C:\Users\Admin\AppData\Local\Temp\netmgr.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3617421730" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3617421730" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3620703395" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{033D7880-3BC5-11EF-A824-C6544352F76A} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31117265" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3680390683" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427055256" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31117265" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31117265" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5800000000000000de04000065020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff720000001a000000f80400007f020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3679765605" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2EAFB1F0-3BC5-11EF-A824-C6544352F76A} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{56578E7C-3BC5-11EF-A824-C6544352F76A} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31117265" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{06FE4AEA-3BC5-11EF-A824-C6544352F76A} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 932 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 932 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 932 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 4704 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 4704 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 4704 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 4996 wrote to memory of 4244 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 4996 wrote to memory of 4244 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 4244 wrote to memory of 2292 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4244 wrote to memory of 2292 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4244 wrote to memory of 2292 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4704 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 4704 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 4704 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2260 wrote to memory of 232 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2260 wrote to memory of 232 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 232 wrote to memory of 4252 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 232 wrote to memory of 4252 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 232 wrote to memory of 4252 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4704 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 4704 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 4704 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2004 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2184 wrote to memory of 2004 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2004 wrote to memory of 4436 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2004 wrote to memory of 4436 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2004 wrote to memory of 4436 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4704 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 4704 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 4704 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 4160 wrote to memory of 3964 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 4160 wrote to memory of 3964 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 3964 wrote to memory of 2192 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3964 wrote to memory of 2192 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3964 wrote to memory of 2192 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
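The table above is flat text in which every "PID A wrote to memory of B" row carries both image paths, and a parent normally produces a few such writes into each child it starts, so the rows by themselves do not separate ordinary process creation from injection. The following script is an added worked example (not code from the report, the sandbox or the Gozi sample) that parses a subset of the rows copied from this table, collapses the repeats, walks a leaf PID back to the submitted sample, and singles out writes whose source image lives in a user-writable directory and whose target image lives under Program Files or Windows. The directory lists and the "user-writable into trusted" heuristic are this example's own assumptions, not the sandbox's signature logic.

```python
"""Reconstruct the launch/injection chain from flattened
"Suspicious use of WriteProcessMemory" rows of a sandbox report.

Added example; the row format is the report's, the heuristics are ours.
"""
import re
from collections import Counter

# Constructed input: a subset of the rows from the behavioral2 table,
# copied verbatim in the report's flattened layout.
ROWS = r"""
PID 932 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 932 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\netmgr.exe
PID 4704 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 4996 wrote to memory of 4244 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 4244 wrote to memory of 2292 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4704 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\netmgr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
"""

# Both image paths contain spaces; the lazy source group stops at the
# first " X:\" that begins the target path.
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A "
    r"(?P<src_img>[A-Za-z]:\\.+?) (?P<dst_img>[A-Za-z]:\\.+)$"
)

# Assumed classification lists (lower-cased prefixes / substrings).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")


def parse_rows(text):
    """Return one dict per parsable row: src, dst (ints) and their image paths."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            events.append({"src": int(m["src"]), "dst": int(m["dst"]),
                           "src_img": m["src_img"], "dst_img": m["dst_img"]})
    return events


def is_trusted_image(path):
    p = path.lower()
    return any(p.startswith(root) for root in TRUSTED_ROOTS)


def is_user_writable_image(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def write_edges(events):
    """Collapse repeated rows into (src_pid, dst_pid) -> write count, plus a pid -> image map."""
    counts = Counter((e["src"], e["dst"]) for e in events)
    images = {}
    for e in events:
        images[e["src"]] = e["src_img"]
        images[e["dst"]] = e["dst_img"]
    return counts, images


def parent_chain(events, pid):
    """Walk from pid back to the root writer, treating the first writer of a PID as its parent."""
    counts, images = write_edges(events)
    parent = {}
    for src, dst in counts:          # Counter keeps insertion order
        parent.setdefault(dst, src)
    chain = [pid]
    while chain[-1] in parent and parent[chain[-1]] not in chain:
        chain.append(parent[chain[-1]])
    return [(p, images.get(p, "?")) for p in chain]


def cross_trust_writes(events):
    """Writes from an image in a user-writable path into an image under a trusted root.

    Parent-into-child writes are routine at process start, so we only surface the
    edges where the writer itself is a dropped/temporary binary.
    """
    counts, images = write_edges(events)
    return [(src, images[src], dst, images[dst], n)
            for (src, dst), n in sorted(counts.items())
            if is_user_writable_image(images[src]) and is_trusted_image(images[dst])]


if __name__ == "__main__":
    ev = parse_rows(ROWS)
    for pid, img in parent_chain(ev, 2292):
        print(f"{pid:>5}  {img}")
    for src, s_img, dst, d_img, n in cross_trust_writes(ev):
        print(f"{n}x  {src} ({s_img}) -> {dst} ({d_img})")
```

Run on the full table, the chain from any content-process PID ends at PID 932, the submitted sample, via netmgr.exe (PID 4704); the only cross-trust edges are netmgr.exe writing into the four iexplore.exe instances it started, which matches the "Executes dropped EXE" and "Loads dropped DLL" findings above. The browser-to-browser writes (4996 -> 4244 -> 2292 and their siblings) are Internet Explorer's normal frame/content process spawning and are not flagged.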

Processes

C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\28e9faec9de3bbdeb65435bfc377d1f8_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\netmgr.exe

"C:\Users\Admin\AppData\Local\Temp\netmgr.exe"

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4244 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:232 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3964 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 36.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\netmgr.exe

MD5 4c8950da250ea135ee77a2644af414ba
SHA1 a261f0d651a05fdcf97c0e35326c0d7bace137ef
SHA256 70480daaf97bfcb10fd793ffea9e90e1fcb84861415d14a3766a238a29cf30f7
SHA512 f1f17d24b34a905cb4ee09538e4b5283dd4eea97918c3d8cf9634b3f7daf6e891be7439fb5c1193c2a994137ae145bb958266bcba180b54dc064a07fb8e8f1d0

C:\Users\Admin\AppData\Local\Temp\netmgr.dll

MD5 c0c093987a55fe9ac61e6e2b5a362d51
SHA1 52126b81560e3319518c50058c86a8c5fce0d3d1
SHA256 5c7d07858c7d01156a7f624d86b16e948a4630a2388d0c3cc1be86bd95f4858e
SHA512 716e9dc694a1544be5730cc8b82a4a73d4f8763408c80fe38a61d66cc201d9cc440510b036dfb49d2b1353b827a7628c389e833678860e358c72951deea1c7ec

C:\Users\Admin\AppData\Local\Temp\perf2012.ini

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\perf2012.ini

MD5 be919e08cff35d70b8480d4bf8bdf454
SHA1 90ee59d40bda7c0cda1459a1b0a1cf273aa5b0f2
SHA256 79ac1266ea8f4c90f6eee8f806f7103a0608a0bfc8f7b665fd39cf5bd3984687
SHA512 7f368fc8a648c7d2d88c58b54f3d6fb3e37f5f196cb9b85d8f57569a1032cedd8ae4476f4e17b5c64fa5acf2c94a44e8e4a052dab1beff714f4bd0098439c93f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{033D7880-3BC5-11EF-A824-C6544352F76A}.dat

MD5 5f5b05a1afc3aa5985c74b456cfc11c6
SHA1 9acef90eb690ab1a507ec27f5827f612bfe098ed
SHA256 2618c236b6e4112500e3db68356f02105a91b75b4c9e9d23a001f3e4e2df0c15
SHA512 6213d2ea42bdd822c82b3d83b19688cf95afe7b78300d3d32d1b605fbee1b1033369073bdd7280bd7c4be531e5be3c9dae2f2563b6c47e9eee06bd2c28849bcd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3GMK17I0\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{06FE4AEA-3BC5-11EF-A824-C6544352F76A}.dat

MD5 bf241b546e464d1cd575658f4f7054b4
SHA1 53e203c87e546dc42ddecf30a80f4bbd618b6ac3
SHA256 0b4eaf33deaabb0682d9b6e12928926da185e112a673016fac91f62c017ad275
SHA512 60fec9adcdbdb414e1b7aeba13d7f23fce93ab3b570171601c6d4168e494c4a859c2439f19d8c24bc6342a85cee8f9f55c008c466e987eed111bd7602ca269c8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{06FE4AEA-3BC5-11EF-A824-C6544352F76A}.dat

MD5 635bdc4c6e313e3f3c8f82fac03e28d6
SHA1 cef1e999b79b7feee9fdbdd9c43912b1d9a57d35
SHA256 72758b1cfa6dab3a65a30231fb688661262334d12cbb41f405cc62290e1732cc
SHA512 8bf2dacca60e9322ca5dac823d4a0646a12d24f99f407e9184d97dc6859c1c895cf4d57aca10dca1d371416dd6485c2d7efa33694202e10ebd797069abd653b3
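Not every hash in the "Files" sections above is an indicator. The same path can appear several times with different digests (each time the sandbox saw new content), the first perf2012.ini entry is the empty file (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA256 e3b0c442...b855 are the digests of zero bytes), and the CryptnetUrlCache, INetCache and RecoveryStore entries are produced by the Internet Explorer instances the dropper launched rather than by the dropper's own payload. Similarly, the in-addr.arpa rows in "Network" are PTR lookups sent to 8.8.8.8, not connections to the addresses they name. The script below is an added worked example (not code from the report or the sandbox) that parses a constructed subset of those two listings in the report's own layout, drops empty-file and sandbox-noise entries, keeps one SHA256 list per dropped path, and separates reverse lookups (converted back to the IP they ask about) from actual connections. The noise-path markers are this example's assumption; which remaining entries are worth distributing as IOCs is still an analyst decision.

```python
"""Curate file and network IOCs from a sandbox report's flattened listings.

Added example; the listing formats are the report's, the filters are ours.
"""
import re

# Constructed input: a subset of the Files section above (SHA512 lines omitted).
FILES = r"""
C:\Users\Admin\AppData\Local\Temp\netmgr.exe

MD5 4c8950da250ea135ee77a2644af414ba
SHA1 a261f0d651a05fdcf97c0e35326c0d7bace137ef
SHA256 70480daaf97bfcb10fd793ffea9e90e1fcb84861415d14a3766a238a29cf30f7

C:\Users\Admin\AppData\Local\Temp\netmgr.dll
MD5 c0c093987a55fe9ac61e6e2b5a362d51
SHA256 5c7d07858c7d01156a7f624d86b16e948a4630a2388d0c3cc1be86bd95f4858e

C:\Users\Admin\AppData\Local\Temp\perf2012.ini
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Temp\perf2012.ini
MD5 be919e08cff35d70b8480d4bf8bdf454
SHA256 79ac1266ea8f4c90f6eee8f806f7103a0608a0bfc8f7b665fd39cf5bd3984687

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5 f5fb9bcd1ef1a7ea8b5ce1c3b36c7a04
SHA256 63f156be4db29f6da5eb1b98b30acd9177c891a166c8b10c41c6b90330621df5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{033D7880-3BC5-11EF-A824-C6544352F76A}.dat
MD5 5f5b05a1afc3aa5985c74b456cfc11c6
SHA256 2618c236b6e4112500e3db68356f02105a91b75b4c9e9d23a001f3e4e2df0c15
"""

# Constructed input: three rows from the Network table above.
NETWORK = """
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
"""

EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"          # MD5 of zero bytes
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"  # SHA256 of zero bytes

# Assumed: paths written by the browser/OS during detonation, not by the payload.
NOISE_MARKERS = ("\\cryptneturlcache\\", "\\inetcache\\", "\\recovery\\")

PATH_RE = re.compile(r"^[A-Za-z]:\\")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]+)$")
NET_RE = re.compile(r"^(?P<cc>[A-Z]{2}) (?P<dst>\S+) (?P<domain>\S+) (?P<proto>tcp|udp)$")


def parse_files(text):
    """A path line opens an entry; following 'ALGO hex' lines attach to it."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            cur = {"path": line}
            entries.append(cur)
        elif cur is not None:
            m = HASH_RE.match(line)
            if m:
                cur[m.group(1).lower()] = m.group(2)
    return entries


def is_empty_file(entry):
    return entry.get("md5") == EMPTY_MD5 or entry.get("sha256") == EMPTY_SHA256


def is_sandbox_noise(path):
    p = path.lower()
    return any(marker in p for marker in NOISE_MARKERS)


def curate_file_iocs(entries):
    """path -> list of distinct SHA256 values, excluding empty files and noise paths."""
    iocs = {}
    for e in entries:
        if is_sandbox_noise(e["path"]) or is_empty_file(e):
            continue
        digests = iocs.setdefault(e["path"], [])
        if e.get("sha256") and e["sha256"] not in digests:
            digests.append(e["sha256"])
    return iocs


def ptr_target_ip(name):
    """'4.159.190.20.in-addr.arpa' -> '20.190.159.4' (octets are reversed in PTR names)."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def parse_network(text):
    return [m.groupdict() for m in (NET_RE.match(l.strip()) for l in text.splitlines()) if m]


def classify_network(rows):
    """Split DNS reverse lookups from real connections."""
    ptr, conns = [], []
    for r in rows:
        if r["dst"].endswith(":53") and r["domain"].endswith(".in-addr.arpa"):
            ptr.append(ptr_target_ip(r["domain"]))
        else:
            conns.append((r["dst"], r["domain"], r["proto"]))
    return {"ptr_lookups": ptr, "connections": conns}


if __name__ == "__main__":
    for path, digests in curate_file_iocs(parse_files(FILES)).items():
        print(path, *digests, sep="\n    ")
    print(classify_network(parse_network(NETWORK)))
```

On the full listings this keeps netmgr.exe, netmgr.dll and the non-empty perf2012.ini, and shows that the PTR row for 200.197.79.204.in-addr.arpa is the reverse lookup of the one address the run actually connected to (204.79.197.200, ieonline.microsoft.com, reached by the Internet Explorer processes). The report records no connection to a sample-specific host, so the curated network set here is a list of what was observed, not a C2 indicator; do not treat the Microsoft endpoint as one.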