Analysis Overview
SHA256
5506b60ad03f77d51ed88207458fe6d41af0eb7887fba953bddad69f65cd41d7
Threat Level: Likely benign
The file c0302de9110b1e9c497595f03c8cb8ab_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 06:56
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 06:56
Reported
2024-08-25 06:59
Platform
win10v2004-20240802-en
Max time kernel
140s
Max time network
138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c0302de9110b1e9c497595f03c8cb8ab_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1280,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=2748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4068,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=4524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5444,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5604,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5612,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=5700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6116,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6048,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5636,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=3784 /prefetch:8
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 06:56
Reported
2024-08-25 06:59
Platform
win7-20240708-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000818cd5aeea14d646d9a7320e1c052cdaaba1c024efb4bf14ff4cc53a2c25e0b3000000000e8000000002000020000000b66298e95136cf5969c14650b0eee092373ef557f6ae89d85dcbe18865de417d200000004186b76e35b632056067484111eda08a513098f435a044110849af7614e91dfb4000000065533fa015de4aa7bd99b99338ba15f37535f361f185cf48bdcc81c66c38756850c9c77886441bca287219695beb6f65277bd18506b02a8aeb1772102bd8d5bc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2776A321-62AF-11EF-9D33-D6FE44FD4752} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 201331fdbbf6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430730857" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1960 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1960 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1960 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1960 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0302de9110b1e9c497595f03c8cb8ab_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
Network
Files