Analysis Overview
SHA256
9494b9ccb055f5f9ac4d69b043b0954ea6dd7771927670e7680be3ca547dd907
Threat Level: Likely benign
The file JaffaCakes118_40be31f9acd0bffe829ca9193867ea6f was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-27 14:57
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-27 14:57
Reported
2025-01-27 15:00
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
142s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40be31f9acd0bffe829ca9193867ea6f.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9840e46f8,0x7ff9840e4708,0x7ff9840e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11593162253168472189,9282811053975882561,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11593162253168472189,9282811053975882561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,11593162253168472189,9282811053975882561,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11593162253168472189,9282811053975882561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11593162253168472189,9282811053975882561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11593162253168472189,9282811053975882561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11593162253168472189,9282811053975882561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11593162253168472189,9282811053975882561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11593162253168472189,9282811053975882561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11593162253168472189,9282811053975882561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11593162253168472189,9282811053975882561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11593162253168472189,9282811053975882561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11593162253168472189,9282811053975882561,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.rentpartyhalls.com | udp |
| US | 8.8.8.8:53 | tek2games.com | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.173.78.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-27 14:57
Reported
2025-01-27 15:00
Platform
win7-20240903-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{07685121-DCBF-11EF-9733-46BBF83CD43C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bc6da7b163a4714b8d52753121f2200500000000020000000000106600000001000020000000b24907bbdbfa54a879dbbaf602b03352e0ca688d0a51eb7a5018f34fac497d0c000000000e80000000020000200000009bf1ddb846aa7e8f50f62881e6959f8d5accd4ea79398965587fd19087a9ff6f20000000d9a42a9b0a577a76d5ed89b0a04afce001d68107cb18c15de8fcd79c9948ca0b40000000df1ffba26ca25ff831e056987eeedae84cf0f3d107e4a6d93f65fd46f45cf5452f44772e742db971fb3628b989233ec36a092e6c2384cfac022f577e5a79eedc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bc6da7b163a4714b8d52753121f2200500000000020000000000106600000001000020000000be0067e3837e7d128cb9a9762fed0087db877ebe9fffb83deab6023099d31250000000000e8000000002000020000000ad213826e11dadc04c2d94ac43898a24ed9bd2eacdace3449dfc73d7cc6291d490000000b7c92d741a07cbd08d1a147e97808add53d0b18ce99fda0f7f5a172b562f3a3870ced231e4788bb1fd3dc49866bd4c35e7965944a41c13d7af69dac30593d9458ae6a6ad31effe1233541433f89b09f8cf7b8182f2c62fadfad5cd478f75795607c50c697fab6ebca914937c21c3293b7888c3a73fa527221be22ab4cbb42d698f8e1cc31ab857477e37388e8419ed78400000001bc4d634b68dbfdfac09d369719a06e86fb53f6b9363aeffc0fd517c94ca5eb7130d7c975b807590226be94ba66cdc2abe751212973f6f3aeb93ed1398386cff | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444151717" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00c441e0cb70db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2524 wrote to memory of 808 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2524 wrote to memory of 808 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2524 wrote to memory of 808 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2524 wrote to memory of 808 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40be31f9acd0bffe829ca9193867ea6f.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.rentpartyhalls.com | udp |
| US | 8.8.8.8:53 | tek2games.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files