Analysis Overview
SHA256
d3931ee10daf52359a7591418690f97d4dd2c053624b231358e433f9e58769ca
Threat Level: Known bad
The file 3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Gozi family
Drops startup file
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-12 08:56
Signatures
Gozi family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-12 08:56
Reported
2024-07-12 08:58
Platform
win7-20240704-en
Max time kernel
148s
Max time network
143s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ | C:\Users\Admin\AppData\Local\Temp\3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk | C:\Users\Admin\AppData\Local\Temp\3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9472B1D1-402C-11EF-9CB8-C278C12D1CB0} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff6f00000019000000f50400007e020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426936436" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
| Process | Command Line |
| C:\Users\Admin\AppData\Local\Temp\3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118.exe | "C:\Users\Admin\AppData\Local\Temp\3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118.exe" |
| C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | "C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe" |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | -nohome |
| C:\Program Files\Internet Explorer\IEXPLORE.EXE | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2 |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | -nohome12.ini |
| C:\Program Files\Internet Explorer\IEXPLORE.EXE | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:209930 /prefetch:2 |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | -nohome12.ini |
| C:\Program Files\Internet Explorer\IEXPLORE.EXE | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:406551 /prefetch:2 |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | -nohome12.ini |
| C:\Program Files\Internet Explorer\IEXPLORE.EXE | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:668686 /prefetch:2 |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
\Users\Admin\AppData\Roaming\Adobe\netmgr.exe
| MD5 | a6d89df2a80675980fb3e4a9bcc162e2 |
| SHA1 | 28ebac4db777095888b0ac79762097c49dfac0e7 |
| SHA256 | 6fd002fdcdc1a8447f03c227abd3e6551f9179ed79e39591069bca4b9fc9d6a8 |
| SHA512 | 35f1c1728d8d864898e2be9a0fd078a79af39a37428826380a7ba976c373a4984451e68c5eb9d8966d0061140eb1f8c57fcf871972db67ef959b8b36c673cb32 |
C:\Users\Admin\AppData\Roaming\Adobe\netmgr.dll
| MD5 | ffd43ae9ebb59c9fd3b5a2b52addaed7 |
| SHA1 | b274ba1e9e386ecd129bc4957f1bc5d73056e0a2 |
| SHA256 | c2c601b8a7d8511853a9e5a09bf78af1ea2fe481529e216ca9c42bc2ecbbe3a9 |
| SHA512 | 2f87022ee56ba03e06e271aacde55933e9f4cc83b314c5817a8391a5b15b23230d5baf674eeac792933f9bd5c2d6ea495a74edc581df76d3e7a9b0d506636271 |
C:\Users\Admin\AppData\Roaming\Adobe\perf2012.ini
| MD5 | 3ecb2f912c4a7e7365d9908b6900ec8a |
| SHA1 | c823dec745baaf854a5ac17b633f31a18cb3d8df |
| SHA256 | 540546114eb029124055e6422203e5ff804f181cce7ceeb0de896d64362dd139 |
| SHA512 | babfc384543c6c218d0151f833388b8dd687c5f1b4e41bcb216630d5586f631a7f99ff8f41cad847817cefaafaddcf563cbd0a0fdb69ee59c9a59c2a386534d8 |
C:\Users\Admin\AppData\Local\Temp\CabDE9F.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarDF3E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk (recorded as a zero-byte file: the hashes below are those of empty input)
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-12 08:56
Reported
2024-07-12 08:58
Platform
win10v2004-20240709-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk | C:\Users\Admin\AppData\Local\Temp\3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ | C:\Users\Admin\AppData\Local\Temp\3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31118393" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427539543" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1763195617" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31118393" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5800000000000000de04000065020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff720000001a000000f80400007f020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1760851586" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{94A0618B-402C-11EF-A8A8-C6F7DEB4B7CA} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31118393" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1760851586" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1824289303" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118.exe"
C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe
"C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
-nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4972 CREDAT:17410 /prefetch:2
C:\Program Files (x86)\Internet Explorer\iexplore.exe
-nohome12.ini
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4972 CREDAT:17414 /prefetch:2
C:\Program Files (x86)\Internet Explorer\iexplore.exe
-nohome12.ini
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4972 CREDAT:17420 /prefetch:2
C:\Program Files (x86)\Internet Explorer\iexplore.exe
-nohome12.ini
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4972 CREDAT:17426 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe
| MD5 | a6d89df2a80675980fb3e4a9bcc162e2 |
| SHA1 | 28ebac4db777095888b0ac79762097c49dfac0e7 |
| SHA256 | 6fd002fdcdc1a8447f03c227abd3e6551f9179ed79e39591069bca4b9fc9d6a8 |
| SHA512 | 35f1c1728d8d864898e2be9a0fd078a79af39a37428826380a7ba976c373a4984451e68c5eb9d8966d0061140eb1f8c57fcf871972db67ef959b8b36c673cb32 |
C:\Users\Admin\AppData\Roaming\Adobe\netmgr.dll
| MD5 | ffd43ae9ebb59c9fd3b5a2b52addaed7 |
| SHA1 | b274ba1e9e386ecd129bc4957f1bc5d73056e0a2 |
| SHA256 | c2c601b8a7d8511853a9e5a09bf78af1ea2fe481529e216ca9c42bc2ecbbe3a9 |
| SHA512 | 2f87022ee56ba03e06e271aacde55933e9f4cc83b314c5817a8391a5b15b23230d5baf674eeac792933f9bd5c2d6ea495a74edc581df76d3e7a9b0d506636271 |
C:\Users\Admin\AppData\Roaming\Adobe\perf2012.ini
| MD5 | 3ecb2f912c4a7e7365d9908b6900ec8a |
| SHA1 | c823dec745baaf854a5ac17b633f31a18cb3d8df |
| SHA256 | 540546114eb029124055e6422203e5ff804f181cce7ceeb0de896d64362dd139 |
| SHA512 | babfc384543c6c218d0151f833388b8dd687c5f1b4e41bcb216630d5586f631a7f99ff8f41cad847817cefaafaddcf563cbd0a0fdb69ee59c9a59c2a386534d8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk
| MD5 | e901c332fbee28373bcd7e83f5c4ca72 |
| SHA1 | 9596958a7ea19cbb1d70da0b300fa0fb345e7242 |
| SHA256 | 1bc1cc56f2785277608d0abcee5a41ebe73ea75fd43c15a6308d75af57772593 |
| SHA512 | 198ee6d444579d1e62682232cfb6cbcdeee935df38729ed9db08f48756ff09ca464b1b7ff3a07d5fc7826a5c96c1d5c20bf42a034d2f14c3ee6c83bce0507942 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WZ04RUV6\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |