Analysis Overview
SHA256
eabc70968d6828deb319a3dcf934bf5ddad355b8f3f065a8e95363f554876908
Threat Level: Shows suspicious behavior
The file 80fc7464938eecb59386e65898b56e7f_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Indicator Removal: File Deletion
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
NSIS installer
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-31 01:13
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-31 01:13
Reported
2024-10-31 02:13
Platform
win7-20241010-en
Max time kernel
71s
Max time network
137s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nbfile0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nbfile1.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\80fc7464938eecb59386e65898b56e7f_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\80fc7464938eecb59386e65898b56e7f_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\80fc7464938eecb59386e65898b56e7f_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\80fc7464938eecb59386e65898b56e7f_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nbfile1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nbfile1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nbfile1.exe | N/A |
Indicator Removal: File Deletion
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\80fc7464938eecb59386e65898b56e7f_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nbfile0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nbfile1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436502505" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50C5F5C1-972D-11EF-82FE-DEA5300B7D45} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not preserved in this copy of the report) | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0023ae283a2bdb01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b13190000000002000000000010660000000100002000000074d71810608224c7871e7f9f17f69a0d4b345c59f526b4ff8b63d80eebd269a0000000000e800000000200002000000041903d80cb0a2db5eca36f991591efbd08746c1f14b217ce2fd2dc2ae3385b55200000000d6e275f72afb1259b6db2e5232f815d5f316ff95fee55ea65952793db5d5d4740000000e8f381e77e582b83b08c1dc1ebab556bd500d2cc85372e2e01163c655117ea1cc1b4c7c240fbf5bbf342e12a7184b1fdd385dc1cc74dbb4af2034840cd56a17f | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
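Every row under "Modifies Internet Explorer settings" is written by IEXPLORE.EXE itself after the sample opened it on http://down.97199.com/install2/?sl3; these are the browser's own first-run keys (GPU, Recovery, TabbedBrowsing, DomainSuggestion), not the sample editing IE configuration. The same is true of the IEXPLORE.EXE rows under "System Language Discovery". The Python below is an editorial example added here, not part of the sandbox output: it parses rows in the layout of these tables (a constructed subset copied from the behavioral1 tables) and splits each signature's count between processes the sample drives and system binaries it merely started. Treating cmd.exe and WScript.exe as sample-driven is an assumption specific to this report, where they carry the sample's del command and its .vbs files.

```python
import re
from collections import Counter

# Constructed subset of the behavioral1 signature tables above, in the same
# layout: a signature name, a header row, then one row per event.
SAMPLE_REPORT = r"""
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nbfile0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\nbfile0.exe | N/A |
"""

# Processes the sample drives in this report (an assumption specific to it):
# executables run from %TEMP% (the sample and what it dropped), plus the
# cmd.exe / WScript.exe instances that carry its "del" command and .vbs files.
SAMPLE_DRIVEN = re.compile(
    r'\\AppData\\Local\\Temp\\[^\\]+\.exe$|\\(?:cmd|wscript|cscript)\.exe$',
    re.IGNORECASE)


def parse_signature_tables(text):
    """Yield (signature, description, indicator, process) for each data row."""
    signature = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if not line.startswith('|'):
            signature = line          # a non-table line names the table that follows
            continue
        cells = [c.strip() for c in line.strip('|').split('|')]
        if cells[0] == 'Description' or cells[2] == 'N/A':
            continue                  # header row, or a row that records no process
        yield signature, cells[0], cells[1], cells[2]


def attribute(rows):
    """Count rows per signature, split by whether a sample-driven process produced them."""
    by_sample, by_side_effect = Counter(), Counter()
    for signature, _desc, _indicator, process in rows:
        bucket = by_sample if SAMPLE_DRIVEN.search(process) else by_side_effect
        bucket[signature] += 1
    return by_sample, by_side_effect


def triage(text):
    """Parse a report excerpt and return (sample-driven counts, side-effect counts)."""
    return attribute(parse_signature_tables(text))


if __name__ == "__main__":
    sample, side = triage(SAMPLE_REPORT)
    for sig in sorted(set(sample) | set(side)):
        print(f"{sig}: sample-driven={sample[sig]} side-effect={side[sig]}")
```

On the excerpt, "Modifies Internet Explorer settings" lands entirely in the side-effect bucket, which is the reading a triage analyst should apply to the full table above before counting it against the sample.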
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\nbfile0.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nbfile0.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\80fc7464938eecb59386e65898b56e7f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\80fc7464938eecb59386e65898b56e7f_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.97199.com/install2/?sl3
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
C:\Users\Admin\AppData\Local\Temp\nbfile1.exe
C:\Users\Admin\AppData\Local\Temp\nbfile1.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\newsetup.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\1.vbs"
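The process list above shows the chain behind the "Indicator Removal: File Deletion" and "Executes dropped EXE" signatures: the NSIS installer runs nbfile0.exe and nbfile1.exe out of %TEMP%, a cmd.exe /c del removes nbfile0.exe after it has run, and WScript.exe executes two .vbs files dropped at the root of C:. The Python below is an editorial example, not part of the sandbox output, showing how those three behaviours can be expressed as command-line detections and run over the command lines copied from this process list. Parent/child links are not recorded on the page, so the checks use command lines alone; the ATT&CK IDs are the standard ones for file deletion (T1070.004) and Visual Basic execution (T1059.005), and the browser-launch finding is informational only.

```python
import re
from dataclasses import dataclass

# Command lines copied from the behavioral1 process list in this report.
SAMPLE_CMDLINES = [
    r'"C:\Users\Admin\AppData\Local\Temp\80fc7464938eecb59386e65898b56e7f_JaffaCakes118.exe"',
    r'C:\Users\Admin\AppData\Local\Temp\nbfile0.exe',
    r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.97199.com/install2/?sl3',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2',
    r'C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\nbfile0.exe',
    r'C:\Users\Admin\AppData\Local\Temp\nbfile1.exe',
    r'"C:\Windows\System32\WScript.exe" "C:\newsetup.vbs"',
    r'"C:\Windows\System32\WScript.exe" "C:\1.vbs"',
]


@dataclass(frozen=True)
class Finding:
    rule: str
    technique: str   # ATT&CK technique ID, or "-" where none maps cleanly
    cmdline: str


TEMP_EXE = re.compile(r'\\AppData\\Local\\Temp\\[^\\]+\.exe$', re.IGNORECASE)
CMD_DEL = re.compile(r'\\cmd\.exe\s+/c\s+del\s+"?([^"]+?)"?\s*$', re.IGNORECASE)
WSCRIPT_VBS = re.compile(r'\\wscript\.exe"?\s+"?([a-z]:\\[^"]+?\.vbs)"?', re.IGNORECASE)
BROWSER_URL = re.compile(r'\\iexplore\.exe"?\s+(https?://\S+)', re.IGNORECASE)


def image_path(cmdline):
    """Executable path from a command line: the quoted token or the first token."""
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.index('"', 1)]
    return cmdline.split(' ', 1)[0]


def dropped_executables(cmdlines):
    """Lower-cased paths of executables that ran out of %TEMP% (the dropped payloads)."""
    return {image_path(c).lower() for c in cmdlines if TEMP_EXE.search(image_path(c))}


def detect(cmdlines):
    """Run the three command-line checks over a batch of process command lines."""
    dropped = dropped_executables(cmdlines)
    findings = []
    for c in cmdlines:
        m = CMD_DEL.search(c)
        # Only flag deletion of something that itself executed from %TEMP%:
        # "cmd /c del" of an ordinary file is too common to alert on.
        if m and m.group(1).strip().lower() in dropped:
            findings.append(Finding("cmd.exe deletes an executable that ran from %TEMP%", "T1070.004", c))
        m = WSCRIPT_VBS.search(c)
        # A .vbs directly under the drive root (exactly one path separator) is
        # where this sample drops its scripts; user-profile scripts are left alone.
        if m and m.group(1).count('\\') == 1:
            findings.append(Finding("WScript runs a .vbs from the drive root", "T1059.005", c))
        m = BROWSER_URL.search(c)
        if m:
            findings.append(Finding("Internet Explorer launched with URL " + m.group(1), "-", c))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_CMDLINES):
        print(f"[{f.technique}] {f.rule}: {f.cmdline}")
```

The deletion rule keys on the set of %TEMP% executables seen in the same batch, so it fires for nbfile0.exe here but stays quiet on a del of an unrelated file; in a SIEM the same join would be done against process-creation events from the same host and time window.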
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | down.97199.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\nbfile0.exe
| MD5 | 74869a0346ab36bbba85022612505121 |
| SHA1 | 2cd02f46f2f9f46eaf15fce40a3bf4781f80cf8a |
| SHA256 | 6de866b5c8abb1db9b2be231b365c1aa029118fbc58823f443f00e3a33dff18a |
| SHA512 | 723812083113cff82aa5e2243759c572518865e351cc81b7c2b85a05557862dbbd7a98b964ff6f3aa3802bb5d4dab01a14147211495fc5803d9ddb7b715f4de5 |
memory/2076-8-0x0000000000360000-0x00000000003EA000-memory.dmp
memory/1552-11-0x0000000000020000-0x0000000000022000-memory.dmp
memory/1552-10-0x0000000000400000-0x000000000048A000-memory.dmp
memory/2076-7-0x0000000000360000-0x00000000003EA000-memory.dmp
memory/1552-16-0x0000000000400000-0x000000000048A000-memory.dmp
\Users\Admin\AppData\Local\Temp\nbfile1.exe
| MD5 | c4ddf11ebdbf9d8397d710d2cb4e2fab |
| SHA1 | 8008c97e7d6ff92deb3e1755a614f4afedca92b9 |
| SHA256 | 67a632049e45c25de35b533659624ca24f8e70447abca015bf5776ce6cb3ded6 |
| SHA512 | 3c9be7b92208e8c0f57ab8048108714e06b2aa896a479f61637a93a9eacb4818fcb25ce3d4e1a24086558daeae65d4b482b2c1cfba3df202c396e2bc218362e9 |
memory/2076-29-0x0000000000400000-0x0000000000497000-memory.dmp
C:\newsetup.vbs
| MD5 | 4736e7158c27f244482f5a614b9dbdae |
| SHA1 | d3a0e95a81e9e3ec95cfd596b25749a0e24e27b9 |
| SHA256 | b8229bc8d6b0013858fb9599cb510afa4566a439164b2c7444c449540a124acc |
| SHA512 | cebf895dd3ec3822c42b78bac49c685b063cb5afcbcfb3850b073cb118d086c5fa75ec50b6e73d90e14f2c6b595752ad87910b8cf27378424d72a9ea309bf824 |
C:\Users\Admin\AppData\Local\Temp\CabEFCC.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarF08C.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cc5f97be92d4a060feb807f006d9c37 |
| SHA1 | ca2d8b3d21d753bdd17bb232bdaf1b4e273ba6cd |
| SHA256 | 64b1fe516cc88cac0107e1cc22536f26c51f191b1693b3390f8406865f9b6694 |
| SHA512 | 151b8cc0b8ced588ffd8dc20df80052ea430d90277d7f2c725f09583efc0fb4b485b2d8cbf93260abd94441e904c30dae8156ec245d2f33b56dd7b3560e0a4d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1176b4ec0ed1059223f3183bff27f028 |
| SHA1 | 7337e307a9128ad51c1657b6329dbeeee5a6a9d2 |
| SHA256 | 91460622f837f632a73bd459aa5b1d4cb807e94bf3d56996646fabef042b7ead |
| SHA512 | e4400ff9f31bb0435b424f813a2fe3d3b01ab4da63c199107e55084759a9e0ce23057369725030f71560bd27c5c511610cb5608538ebd6a5e794e700f283b728 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba9d7d5dd889f782540dec5b9b3c85d9 |
| SHA1 | fda3e49a3be02f7a6bc65eaea6a818c472039a6b |
| SHA256 | cd665040ee41eef0196ca74f87ff730d6dfe0aedbeb357fdd638f03567a075b2 |
| SHA512 | 675a2fa99351b63116db48f5302adf0dcd4bc61716538a4dc9b14e9e55efeeb393123a8c38b28590583cf264925b39aada220699991c9432e8f868c90be4a764 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87c8ac59f5a86b717e4e9281a555d723 |
| SHA1 | cabdaeed004d2e8e2239f7840b26cb912ae489c6 |
| SHA256 | 296223ac1d8da339fa723cbdf486313e9a4f7158f56b6ab8c250998c7f40bf81 |
| SHA512 | e0f76f1decede9f7dea1943a373486892c15cf9907505102aeed8cd342f14008c52773f83f10004ccb8e509e607ebcc8add3644e733ac8d12fa45566ea31c8dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af21eaf747237241f2cbcc5240a9de8c |
| SHA1 | 1f06e00490889860fbafcd0a0a3c331c12577177 |
| SHA256 | e7bb1bb5ab256be48b06134827c62c6d2532f354d4d29da131a2126dede8603d |
| SHA512 | 04256d46f79ff5bf5f285dd5b35901805b5bb336699e93b395099b31e7c3400c372bc30baa288faff7c1f68cee522fb8f3baec59194b7a2a4d04f0237cc2de5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff907857a338f2edb8721a775577e2cb |
| SHA1 | 9c777e893756182f81e1e20cf4348850f35b0eeb |
| SHA256 | 995cec860990617770cfed0242cb25bba3d785b3572443711566653e410aadea |
| SHA512 | 862d37ccdfeef0ee17509bfdea5238371a1877781734170a08e29a83e4bea61bc0189a898edfbaa579bf5d731f77069dbed543a9b5842cb88a6523a1c4088e59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5fdf19d4bdba8901c9a808a0a0bfb62 |
| SHA1 | c22751f32f7334896b6a12d2a95f3bc06c0edca0 |
| SHA256 | 9f708b940f0054579642a084b652bcd9ca3be7bd9b2d4840bf3a1b03ac96b611 |
| SHA512 | 7440677575d53f48a49c5bad035c171554af6b1eb106cc5a5b2a870075624dc53f703e464a8393cc327166cd07c8f614fde8fcdab2c6e9abb01961585022e66d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 791ed552629e091584e7c8d4c4500d4f |
| SHA1 | b238ce08a91f7643670b5f76b8688fc5ff6d82a6 |
| SHA256 | c6e0ced78cf9019e97d938615c371aeae39d3799b598fa14a2055b8c647e1fac |
| SHA512 | d145dd08600a34ba68388c43c634e5843eb805baeb4e68914aff3ad4b172be4b72d9661a5b01b70b53541313d5e1afd8eddc836b6d646dd05e66642a17ee02e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ee802144c006aa2a85a6a2341870ce9 |
| SHA1 | 24484f1aaed772c8ee7dc7a815a7565f763f9625 |
| SHA256 | 9e14d6bdf63cce4ced3b2cff6401e94c4e386fb246162c265f6bce5b9fe2ae26 |
| SHA512 | a6e838256f0776def6165d8f769ca43e0861e6a44453f159f2463dc04232e7c132b957c68bc6e5b7662355d344db8b1b34951dfc99fa0afdf10ca9dd1ed642a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b2ed0dfc07a6cc65e71e9a6a87dd3c2 |
| SHA1 | 4776a05c55f99dd900fdc180f81f81a4f5324d41 |
| SHA256 | 412186df6415a5ada1bfbf62c9dfdcdc53777e1c7b84c86fa8d22f5bd9844b9b |
| SHA512 | bd5ff8363dee50d372cd9040c0be87539ab7407f4ea67da3caaab03dff5663e9076b2d7427139fdc1faf97e1dc52d4fca8c3d3d38d9659bb7dbfc217347880aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 851c138bc794044de7b3474b1c11703d |
| SHA1 | 5c9010d4c9de5c9f8fb9442251f488da5d653796 |
| SHA256 | 95db4f350105fc035850a2f8b528ef80893938c939b958bc4e5e03bba6badac1 |
| SHA512 | 000473a23ec5ac8a343c87e229a6a32c51a6eba73779da19c01ea94d5dc1a93abd28ef551583bee3a905fb2a34b5d27b4a0c88b9eac04bdfa4d8c9d851ebc30f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9fd66ae9def3378092aafe2e403325c |
| SHA1 | 6e01837155567e1899e440ead7ba88299cf86efb |
| SHA256 | 3829bc1da6d680363ef472abb4cdd072429cc066a8203935ce221961e7aa8963 |
| SHA512 | 5477c888f99db209a4eae3172322938f4040783acb04071d89e93aad37faf429e951935931be3cdd974df8efa7a5dbe56a0d3cdeb2d30075836b2ce079f0f36c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a90bddaa68c5e1da7bd770ca36fe82a |
| SHA1 | 860d94f4d0959ab781509e59a03c47d1be4564b8 |
| SHA256 | a7a3c0a7f559fda6214579462fbe47a9e4c864c28d3d8ecf51c53a57b55facdb |
| SHA512 | 80e2ffff5466f889d8e52ea09149673b2dc469d521557878a48d248540b574bdf3c5aae967ee325671479ebf1f29b0f341cdca34218abbf7de78d50358573982 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11fb50c29e038a80f69398bb5f6946a4 |
| SHA1 | 9b8f6a9056312e3f85a1adae2a4547291f754451 |
| SHA256 | 5987512b242b927346f155ae90d6f83aae82e83763c617a6366c96197c898ce0 |
| SHA512 | c5bf0ccf96a4f69a8caf00cc3e173526019681bcc4d8d92df6583f080d3c67420542aaca47dd52709d6ee43650c0ffcba2f879f28e1c1e4db548d053eea18980 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ab20e4ea771a31a8389a97d392cc2e1 |
| SHA1 | 009f16758c996fc7a5027e12ce851114d6199d21 |
| SHA256 | 10e9882e36989f50e8162fb9bfd2e6ecaa320ebdbe0d120c4eeaffe54c23ab5a |
| SHA512 | c35fb006135c4c3d29bc445e6da2aedf2f8b1fcecadcc017e9808306a972ae5c93fccc810d81d13e6a1645a3f314084526d2d7c4186e4801231de8345e39747c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fea8f9aa981356f46dfd486ae82b5e2 |
| SHA1 | 1a89103748df0885a3062495b0022ed5b44bad8c |
| SHA256 | f15f8a5d395e7b428674baac0499e6249f4122b2da65e4ff5d312335f834dfc6 |
| SHA512 | acfb1e5bdd19f2fd00902b1fc21dbcae9fa71e5994e6ca79b2d29def30e57b2f02f133572c28864404b779cb71bb5bf5437d9a2deb41ee0dca1415b1e2bf1a95 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-31 01:13
Reported
2024-10-31 02:44
Platform
win10v2004-20241007-en
Max time kernel
136s
Max time network
143s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\nbfile1.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nbfile0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nbfile1.exe | N/A |
Indicator Removal: File Deletion
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\80fc7464938eecb59386e65898b56e7f_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nbfile0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nbfile1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31140670" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2519065719" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31140670" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c88e6291f50dd448b150439a5f2f5a3d0000000002000000000010660000000100002000000078afbaf0a42d7bbc1d0b18b13f08db6ad1967ae36f1a9a04495ff06f04c6c8c9000000000e8000000002000020000000ffc78ff952479cdab181978b3ae2c6c10de58487959bafb23111204afa36bd1d200000000d42536f5b3c7a4053343af4661d4ca718835cb1ab2bda90e0b2e2f450738af74000000045d6fa6a96fbb1362b34d622aaf41c33be5394d726efeec09315a4636cc4799e7146a2f87897c054792b3c538428d97ed1fa202b11aea2ee78ee1a28ee0a118f | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2514690987" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5013b0963e2bdb01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C168E4C8-9731-11EF-BEF1-D2BD7E71DA05} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 403fb7963e2bdb01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437107517" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2514690987" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c88e6291f50dd448b150439a5f2f5a3d000000000200000000001066000000010000200000005cc8a8dfb1e1e044d99e75dfd84f946b98724662e96c829ce6be4721a8c968c4000000000e8000000002000020000000dcb6cae0a4047704cfeaef4b2959cdb0381796f81fd7401b35116e22e5fb285a20000000131a47ff90bcf59e8bae647f11d46679e14b46c14ef0f35462d4dd7a26338c3b40000000510e612baaa4070c80f29ca5cd19230af6364df0e20cb6a02efcdb3f62f26e44ea3d212d1a5e524b79bcad03c459f8c8b7303c9af93ca89c65ca77fe7afbc22c | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31140670" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\nbfile1.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\nbfile0.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nbfile0.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\80fc7464938eecb59386e65898b56e7f_JaffaCakes118.exe | "C:\Users\Admin\AppData\Local\Temp\80fc7464938eecb59386e65898b56e7f_JaffaCakes118.exe" |
| C:\Users\Admin\AppData\Local\Temp\nbfile0.exe | C:\Users\Admin\AppData\Local\Temp\nbfile0.exe |
| C:\Program Files\Internet Explorer\IEXPLORE.EXE | "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.97199.com/install2/?sl3 |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:316 CREDAT:17410 /prefetch:2 |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\nbfile0.exe |
| C:\Users\Admin\AppData\Local\Temp\nbfile1.exe | C:\Users\Admin\AppData\Local\Temp\nbfile1.exe |
| C:\Windows\SysWOW64\WScript.exe | "C:\Windows\System32\WScript.exe" "C:\newsetup.vbs" |
| C:\Windows\SysWOW64\WScript.exe | "C:\Windows\System32\WScript.exe" "C:\1.vbs" |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | down.97199.com | udp |
| US | 8.8.8.8:53 | down.97199.com | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
| MD5 | 74869a0346ab36bbba85022612505121 |
| SHA1 | 2cd02f46f2f9f46eaf15fce40a3bf4781f80cf8a |
| SHA256 | 6de866b5c8abb1db9b2be231b365c1aa029118fbc58823f443f00e3a33dff18a |
| SHA512 | 723812083113cff82aa5e2243759c572518865e351cc81b7c2b85a05557862dbbd7a98b964ff6f3aa3802bb5d4dab01a14147211495fc5803d9ddb7b715f4de5 |
memory/3180-3-0x0000000000400000-0x000000000048A000-memory.dmp
memory/3180-5-0x00000000001C0000-0x00000000001C2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nbfile1.exe
| MD5 | c4ddf11ebdbf9d8397d710d2cb4e2fab |
| SHA1 | 8008c97e7d6ff92deb3e1755a614f4afedca92b9 |
| SHA256 | 67a632049e45c25de35b533659624ca24f8e70447abca015bf5776ce6cb3ded6 |
| SHA512 | 3c9be7b92208e8c0f57ab8048108714e06b2aa896a479f61637a93a9eacb4818fcb25ce3d4e1a24086558daeae65d4b482b2c1cfba3df202c396e2bc218362e9 |
memory/3180-15-0x0000000000400000-0x000000000048A000-memory.dmp
memory/4680-20-0x0000000000400000-0x0000000000497000-memory.dmp
C:\newsetup.vbs
| MD5 | 4736e7158c27f244482f5a614b9dbdae |
| SHA1 | d3a0e95a81e9e3ec95cfd596b25749a0e24e27b9 |
| SHA256 | b8229bc8d6b0013858fb9599cb510afa4566a439164b2c7444c449540a124acc |
| SHA512 | cebf895dd3ec3822c42b78bac49c685b063cb5afcbcfb3850b073cb118d086c5fa75ec50b6e73d90e14f2c6b595752ad87910b8cf27378424d72a9ea309bf824 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | eb495911b32c5419c6e1c9f84108c332 |
| SHA1 | 7668281d05bd89c6ade1a31aebc00143ca95b2c2 |
| SHA256 | a31d4c84f26e3230d3a5f46fde02f225fc51341caeb15ad94e08103812e4a972 |
| SHA512 | 536a93b36a0c0c3bb9fdc9b10cbe4f1b8020a78372d08fe9069139a5dde92c9f81fc209911bccbb2cb4a8d363d0204a126edc77b92beab5f3c62bd5adb3b737d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | ee4ada789158c1e5a14d597cf1d5edd0 |
| SHA1 | 9593aee78d30d51ab93d6a29dc4dc873e0d466b6 |
| SHA256 | 903a6d82bf2fe8951104cf90d9f64aab0fbded30a2246e678a80d07868569b4f |
| SHA512 | a6214f62e5089512aeaabab7c4bb38e8663fb55d5f4129c57e726723dad10802ec40c3dc836087713b77c1874c12f177bf2b2998fd3e52f4210c1c5307885c16 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IQ93NPJ1\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |