Analysis Overview
SHA256
ed3e3dbaae5139050b8cd1cb61ecbe18a911900275692eadc384544639c6db9d
Threat Level: Likely benign
The file JaffaCakes118_4394101d29bd57686b458ce2b4cbffff was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Unsigned PE
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-27 20:52
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-27 20:52
Reported
2025-01-28 11:04
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
152s
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\ielowutil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{58696D3D-DD67-11EF-91C3-CAF61997B0B0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "752179947" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a1688e4e155de14da446578e2f62162100000000020000000000106600000001000020000000bdef4682150121ce90de1b180bed39f7c619e0c3584a051ea6535a6f0456d5c9000000000e8000000002000020000000d7e23ff8c4150dd0acd9daefb5fa2d31633bac5b222c220d836464e2d8c85888200000009118cff4268d572b7b8e96331045bd1309fddcbecd4b08408ec68b06d719fcfa40000000c0f4eddee9851aa013396538f5c96ff999292454e2bc04c9045b0d81787566bab7c8fecac2c6f3686e5b546e6d50bf291638793c33039fda7ad835c8d35845a5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31158644" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a1688e4e155de14da446578e2f62162100000000020000000000106600000001000020000000c869c67b8dea88edbe25bbf1f088f6ae5ac95fb362c3ff440e1c767ac5ca7220000000000e800000000200002000000063c8da4c4af43d8801d7f08a8b6c5b29e8e6a3756d5849f2d05f4ed3662816e6200000006b86271918d6b1554f49d926c072cbb628c162ea7a72326ccd5edbe9a22693bf4000000046d392e43abad43d5f68b235d9b5e450b53866386ee985b91bd8cde4f517144fe371e559c6af6b4ea60fe988124ecb47324d70946db88e9e4f0ea894c118eb17 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20cbab2d7471db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31158644" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40e49f2d7471db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "756554824" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444827115" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe"
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe
C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3528 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.system-defender.com | udp |
| US | 8.8.8.8:53 | www.system-defender.com | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.114.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.238.56.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.136.73.23.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.136.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-27 20:52
Reported
2025-01-27 20:55
Platform
win7-20240903-en
Max time kernel
141s
Max time network
128s
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444173016" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007c39b886350cb64d9d915c298dc7fe1f00000000020000000000106600000001000020000000e6edd9e281109a110414135017049b3ae39691be84a85675a90474fbc1876444000000000e8000000002000020000000155bb96aa0147269c0b8044f857f134f73afd549a9756f419d2594add88639a7200000009c1943202c532cda94944c7f95c58fa0399757c18873c5b6eba40df35381436b4000000075e2f1110907dffe1089ba3b5e6f2fd2f1a7dbdf9ce3b26c17da7b11ab245c246f0e48c825ccdc35cbe2262fa63e2efddeb73d96ae247efa06c897984e7918ce | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0b1de74fd70db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9EA7BEF1-DCF0-11EF-9C44-E61828AB23DD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe"
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.system-defender.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files