Analysis Overview
SHA256
46640b7bedf8e26bf309fddbebbb12c6de9107d2546705a97aa61808529651ad
Threat Level: Known bad
The file 78a216935265325cccdfcaec093e3c47_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-28 08:23
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-28 08:23
Reported
2024-10-28 08:26
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\78a216935265325cccdfcaec093e3c47_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5a9546f8,0x7fff5a954708,0x7fff5a954718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6585930679148347208,1635483568070944632,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,6585930679148347208,1635483568070944632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,6585930679148347208,1635483568070944632,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6585930679148347208,1635483568070944632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6585930679148347208,1635483568070944632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6585930679148347208,1635483568070944632,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | resources.infolinks.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 172.66.41.9:445 | resources.infolinks.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 172.217.169.42:80 | fonts.googleapis.com | tcp |
| GB | 142.250.179.234:443 | ajax.googleapis.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 172.66.42.247:445 | resources.infolinks.com | tcp |
| US | 8.8.8.8:53 | resources.infolinks.com | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 172.66.42.247:139 | resources.infolinks.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 34d2c4f40f47672ecdf6f66fea242f4a |
| SHA1 | 4bcad62542aeb44cae38a907d8b5a8604115ada2 |
| SHA256 | b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33 |
| SHA512 | 50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6 |
\??\pipe\LOCAL\crashpad_2260_RZMELUPHLVMDVGHP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8749e21d9d0a17dac32d5aa2027f7a75 |
| SHA1 | a5d555f8b035c7938a4a864e89218c0402ab7cde |
| SHA256 | 915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304 |
| SHA512 | c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 57e0d368a78f84f326b4660c3ac5070e |
| SHA1 | 30b2447b15c750d06219bdca298770cafc81b7c2 |
| SHA256 | 684390d7324f1991eec03b2f674627d07c0fd71d65be45764b158e3124a4dfc7 |
| SHA512 | 43d1c4b3e0efcc9066d28095f5e1bc7f0ca8ca184e152cfef0f769c8de37dd20b9349aa55b7fa8195f370a948d8110481bb6773aa58e01844a388506d04aa146 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 51449e4616ef73db733fe7af56418bee |
| SHA1 | 34a1870aa418f9623c8de747294fe9b1c5ce1e7f |
| SHA256 | 943e0da4c942008c0c9b8e6938bf45b6b5a928f6b5fef101418bc717e2b7ec36 |
| SHA512 | 05d8a8f74194c73e12a369715b12db09ef5d2d1f747fb03d7a6ba6fb678b1dad4885f2aabd31cb01fa802135471e6c9a77d24b2e0ab62d1907def49964fba9e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cb73ee4b9891a8d7f34fbe74535e2054 |
| SHA1 | f76d1395a9f66195ea5c9e27e159da41aaad844b |
| SHA256 | 0b43f38d37f9d5bef5234539a641dd45a6883d787a4ec2de69a3fb88dbeefc28 |
| SHA512 | ee3d8866f8b17462e4cb82e39fbca5475e56db618a9dac773720f5634f66eb0d99cb03ca8a978124e692fcdff9e08596adefed242a1c205c26236c55b6e65c84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 134618992c891cb56e8ef4aa9bd7a464 |
| SHA1 | e6b166f3ade592afc8c83125d6958d760464976b |
| SHA256 | 16f5be6a43d534224eda24e21cd1587472730b98f621b52d382be5fcfb7b01ce |
| SHA512 | 09049ea74c505a66638bbd02bafeff27a5216c67e02e2d5f55f53e42d4bfc7236c7be9b685f8d46383aece8ec94adc4254b739e5fb1f3315e1c2a11a5bc01bce |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-28 08:23
Reported
2024-10-28 08:26
Platform
win7-20241010-en
Max time kernel
144s
Max time network
145s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436265678" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E94BF0D1-9505-11EF-ADEF-C2ED954A0B9C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2712 wrote to memory of 2492 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2712 wrote to memory of 2492 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2712 wrote to memory of 2492 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2712 wrote to memory of 2492 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\78a216935265325cccdfcaec093e3c47_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2712 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 172.217.169.42:80 | fonts.googleapis.com | tcp |
| GB | 172.217.169.42:80 | fonts.googleapis.com | tcp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 7bb8c6047c321096d5bced187597fa97 |
| SHA1 | 6d8c9d39213bb6bbec70e52e50835b928af3e5a4 |
| SHA256 | 12d43ababe9cbc51805962cd62b8eb84626e72febefc9992f16374355c724556 |
| SHA512 | ffde9e2d8ba0d71ee864574f4bc9d2a2557676a9d57096d2d7bbda700917d028f956f4c2072ce0f17f964d2dd884b523b575bbfd4adc8d081c1541442b9efdaf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 7a05c99657a63789efc5688995dab0d8 |
| SHA1 | 81f513532c5c5bb72252614c535c6aba6d754234 |
| SHA256 | cb90aa06e760bdfbf56bb4ceb8e2c0a7f95538cbbb74b59c293e2b577c2b47d0 |
| SHA512 | 13ab8c33af649e047474ea835aca64405787763188bccb150b07d34142661539a67da90f74af858091937767a9ad0166d3f635a2a2ef99b1692e40021b229846 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | dc6bd4bfbc01737decd7850a46257ebc |
| SHA1 | 156814bceeb2b61481d40c206d1a45f917d9aa03 |
| SHA256 | 6dffef7a650a573f04addc7dfaa7d84c6eae104e12388539a573d9fba727a4ce |
| SHA512 | a7d7530dc0ab2822e00b5d158cf14271d23c9231987611ac2c7fe5cbcef8e343dba1ae74ceddec91bf719b30d7cf3086bc64516131fa1e6d1628bc2a9d1434cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 393039794bb07c4f40f7d13e0953c4f0 |
| SHA1 | f8acf743cd0a5c19eee19e5f30c1ac75312d01fa |
| SHA256 | 4c1c31a69091634bd3266946dc328f97aac045fbac66a6c63b4f82e3f682a427 |
| SHA512 | e754f8031ab8653a59a14fb801762052cf39ae8ecc0194b85f19e3f516046b0f7ddce81744a3c5ec92cb7baf9984407d5f6fb11fe50a6b1a866a16bad506030c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | c417c2c1fc1949d36d114198af0cd578 |
| SHA1 | 7168e418ef8e60dcb7c86befddd3e56f4ccd5eda |
| SHA256 | a31d1183eebf18a09e182fdcbf3b16255e3487dd9aa762749a8c11f4af602e3a |
| SHA512 | e881e922f098a0013361e304db42f4ecd67945e2c479ac86efed726c1287002d9cf7d8a7ceba042f0907ba251252da02595287deac311d14c7594c319dbea0e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 4a2e43af6a3301969d6a2a48439c01ed |
| SHA1 | a45bea6f8c94bce52156a220b5caba07fc78ffbc |
| SHA256 | 8267e0b414b462b25e5eec1fd15f8b944c72a2fcd307c6f7da006f67e30e1a86 |
| SHA512 | ba62b19367bffa23d0b1804e0ad82604c75b3b048b47f54fadecce4cb418947b414ab3794527b237113c1a8e701c73fb10adcb799793ed43b559666e560d91f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_1D349A035F531E40CCCF658F74AE70F3
| MD5 | cf440287b92c219161bbbcdf3134797e |
| SHA1 | 65d3604ee306d79e6f19fde614aa618c61a3ee4b |
| SHA256 | 8e6643fa40a0ea1997a4999fc08928f1384df4300a8be0f89a332cd0e4863d53 |
| SHA512 | f0043139e2fcac86cc4722a1624ff1b8454216a1b44cb725a5698a2f3a01155d1f589a6d023d5eb078a4d8f183d5804c743bfd22caf47719dc85cd912de98edd |
C:\Users\Admin\AppData\Local\Temp\CabAE89.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_1D349A035F531E40CCCF658F74AE70F3
| MD5 | c79cc17dc3659f80a1efa85ea0fe08ed |
| SHA1 | b61258c807eaff2d426dec4d35cfa40f9e9d09aa |
| SHA256 | 16b3801e79f7b5a7046b6f83e9d6a8599b3ce26a89ea71938380bb1cd668090a |
| SHA512 | 1e48441fadbe44a3c7c2f4dd905774eecf268d8a799942eaf3794cd9350163d8400a0bb925c74113798e2c2b8854bfd960f7cc80ab8b0973c66dd798a183d3da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_276D3645C8F85F5AD2BC13B79CFB31A8
| MD5 | f7ceb77800b8a27f8d19bf1a19af6d0a |
| SHA1 | 5ca3e2a52ae623bc1d039d15ccb196a1a632f0d3 |
| SHA256 | e91d020263b6b54fa3df492a492639323dd190d2fb145cfc86cfb6fa03af5cf7 |
| SHA512 | 808b31cd3d204498be74384dd484fefcb8f3d8358289e9e47b40f6761d334f8ee765f90ee335dc1718f63af1020feef9fc228b60877f5d705448be40faad088a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_276D3645C8F85F5AD2BC13B79CFB31A8
| MD5 | cb0d087cf3cbbb31c7001f65a2d33760 |
| SHA1 | 57bd0cf02e0cc030d1a228d82afbfd8ebb777b30 |
| SHA256 | fa98aec47ab16865d1531d66c4c1e0e7be217f5851dd446bce52acd9d09cb3a9 |
| SHA512 | 616fa0883bc0857c169b7c697bf02aa653c31fb7f613c5890004fe09b75f10a05328c44b60f72577ef36c6b02b187d5636895061c7f42de95c9edf54be2cc86e |
C:\Users\Admin\AppData\Local\Temp\TarA038.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e66169e3380994c4f608790c0cb0eea1 |
| SHA1 | f9de4349cabd08d4c1097fa1793e6aff8efee155 |
| SHA256 | cfd39deeb58a6e603b2f8bafd8f98705b734bfa46f5259b2da9ea9dee41eb908 |
| SHA512 | f61386e574e9c63b6251e491abfbd844b2c469e306f1887f6f35c83094cc4d974372b507365f80a7639a9964b8a08b39c7c7848b44c14681562fe1b4ba6d42ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b0dd96619774d510d3255f96839e83d |
| SHA1 | d2aafa42cd735b15158f5ac2e70d82c15d4a33ae |
| SHA256 | 0d7f1372241aa4ebade4cad975ce5d61c608accea2c2cb49b419bc96c4f08b38 |
| SHA512 | 89cd885b021fd36b7ef572cafbdbba0ce2cd9c9d9daec9e8aee7f84d9d31174ddf9037d659cd84eef3b66f4e874bcf8c9a373ee2fc2dbb377c4d34e0c4138534 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44a752a6066e6e5f7a939fd286f70521 |
| SHA1 | 6d28439d3d8308a2c23c53eed66ba6c481814f12 |
| SHA256 | f7ad6ee748bffe0783d924255107a99ed3d6c6e55c859675e0fe8c92154d387f |
| SHA512 | 5cb1ea5e078164d964ec31deb3cd1117d57ab9f5811e61adc38f4b4acd0f8df67a19b452390d8bb1112cd716a3805a20c891a55ffcd02cd91c0c22ca710646c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30a4d5c89b4acd1f73b045ffa20789ae |
| SHA1 | 1c9f9345d1391d165ee9af53a5113d66dc9f554b |
| SHA256 | 4753f7388bd34c4e90400ae90be8360c97f9a75a64af586fe554714d9d3d7f42 |
| SHA512 | 2a5bed9670f9c33011f76e58ef94f7af71e84854d60996e1308ab301af97d3048c2014be2a50e1d3b2853a59fd3a3f94f92fdc1e162b66c63da3b3cd91111f03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2e52c04122ea3795a17771e4d754500 |
| SHA1 | 45393b1087896de0af9797bbc0dd8c9aca427cff |
| SHA256 | 68ee185fa326ed8f3c2f3a0a4a2f4b77633d4e4c7b2f0ac08b6d0aaafc84136b |
| SHA512 | f779041e5fc3b49d402883167f7c081c48a8222332f1fcf0047700a7d32e5171f2e209202fbf4a0764c63b7e5877dc46893bdcf208953cd3a08c4583a08a2f2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ba25a0904eb5ef33ac916b0c80b6a6b |
| SHA1 | de88a31277d9ac0146c4514b728af31baeb60867 |
| SHA256 | 8dc95baf26f32e809f78d9dbb0389042c3c5900ccc6a11dfa9470d5d48a65b80 |
| SHA512 | 8b0825782db5dc0a1f4e282b269328869fd8fffeeea21238143f39b82e401bb08f8a384926ce0c4197daf354d398ac88b64482022989d97e73ac2e1ad050ce42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a5d4af98452aa13c7c8513f08923c31 |
| SHA1 | 5ba5ea1548f3a81d21bcd9a1450279b265e590fe |
| SHA256 | e6cfda39dfb3c4f79df9d666407f2692e6cd3314a92aff32f354bd58f729fd40 |
| SHA512 | 6f5e82c5037a8042f1ec63949b1d9a2dbc84267b4c2b10b1feb7cfd05164a7032748afca9eb1eefe03130991940ebd65b438d51e6d0a4cbe3c4f7b3ef75b765e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b69526ac451b823a362bf70da464f50 |
| SHA1 | 4bfe56dda02c2b2a4b33fbae3c13b99417084478 |
| SHA256 | c4fcb67dc1571fbdf1e6542974b3315e2b874939fe979c94b48be5e243797037 |
| SHA512 | 1e763dc6ed293544a2ae48d5ffae316b1cdd42b10d1879462c0ccc5346461e8ff2882e1433cd048ef5a32055bf292279f1bfdbe06a3300f6e61fb3d9e401c0e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5ba2e3f6ffc4227b8388b6d75326534 |
| SHA1 | 9a9b9bef307e5ce867706b91e9a254cb96cca0a7 |
| SHA256 | f41d6efb623e9addbd8e4dec2208a6dcff1b68699f6c7db71e1a3d1289b7648c |
| SHA512 | e6aba5f1bd5eba82f01164e0e591ac01b8d73238f740881b70c7cb7083b51decfc5e2a89422284989c0bc91d820e538b667b91192d72d0effce3cf0ac9be552b |