Malware Analysis Report

2025-08-10 22:42

Sample ID 250127-znybpswjdj
Target JaffaCakes118_4394101d29bd57686b458ce2b4cbffff
SHA256 ed3e3dbaae5139050b8cd1cb61ecbe18a911900275692eadc384544639c6db9d
Tags
discovery
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

ed3e3dbaae5139050b8cd1cb61ecbe18a911900275692eadc384544639c6db9d

Threat Level: Likely benign

The file JaffaCakes118_4394101d29bd57686b458ce2b4cbffff was found to be: Likely benign. Read with process attribution in mind, the two behavioral runs below support that verdict: the only action recorded for the sample's own process is opening HKLM\SYSTEM\ControlSet001\Control\NLS\Language, a key the spawned Internet Explorer processes open as well. Every "Modifies Internet Explorer settings" row and the FindShellTrayWindow hit are attributed to iexplore.exe / IEXPLORE.EXE, which the sample starts through COM automation (ielowutil.exe is invoked with CLSID {0002DF01-0000-0000-C000-000000000046}, the InternetExplorer class, and iexplore.exe with -Embedding). The SetWindowsHookEx and WriteProcessMemory hits listed in the summary have no detail rows in either run. The one network indicator not explained by IE's own background traffic (ieonline.microsoft.com and the in-addr.arpa reverse lookups) is the DNS query for www.system-defender.com, which is the item worth pivoting on.

Malicious Activity Summary

discovery

System Location Discovery: System Language Discovery

Unsigned PE

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-27 20:52

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-27 20:52

Reported

2025-01-28 11:04

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\ielowutil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{58696D3D-DD67-11EF-91C3-CAF61997B0B0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "752179947" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a1688e4e155de14da446578e2f62162100000000020000000000106600000001000020000000bdef4682150121ce90de1b180bed39f7c619e0c3584a051ea6535a6f0456d5c9000000000e8000000002000020000000d7e23ff8c4150dd0acd9daefb5fa2d31633bac5b222c220d836464e2d8c85888200000009118cff4268d572b7b8e96331045bd1309fddcbecd4b08408ec68b06d719fcfa40000000c0f4eddee9851aa013396538f5c96ff999292454e2bc04c9045b0d81787566bab7c8fecac2c6f3686e5b546e6d50bf291638793c33039fda7ad835c8d35845a5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31158644" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a1688e4e155de14da446578e2f62162100000000020000000000106600000001000020000000c869c67b8dea88edbe25bbf1f088f6ae5ac95fb362c3ff440e1c767ac5ca7220000000000e800000000200002000000063c8da4c4af43d8801d7f08a8b6c5b29e8e6a3756d5849f2d05f4ed3662816e6200000006b86271918d6b1554f49d926c072cbb628c162ea7a72326ccd5edbe9a22693bf4000000046d392e43abad43d5f68b235d9b5e450b53866386ee985b91bd8cde4f517144fe371e559c6af6b4ea60fe988124ecb47324d70946db88e9e4f0ea894c118eb17 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20cbab2d7471db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31158644" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40e49f2d7471db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "756554824" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444827115" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
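To separate what the sample did from what the Internet Explorer processes it spawned did, the flattened signature rows above can be parsed and attributed by process. The following Python is an added example and not part of the sandbox report; the rows are a constructed subset copied from the behavioral2 tables, and the actor classification (sample binary versus spawned IE binary) is this example's own rule, not a sandbox signature.

```python
import json
import re
from collections import defaultdict

SAMPLE_EXE = "JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe"

# Constructed subset of the behavioral2 signature rows, one flattened
# "Description Indicator Process Target" row per line.
ROWS = r"""
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\ielowutil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
"""

# The description is a fixed vocabulary, the indicator always starts with
# \REGISTRY\, the process is a drive-letter path that may contain spaces, and
# the target is the last whitespace-free token. Non-greedy groups let the
# spaces inside "Program Files (x86)" and "Internet Explorer" through.
ROW_RE = re.compile(
    r"^(?P<desc>Key opened|Key created|Key deleted|Set value \(\w+\)|Delete value) "
    r"(?P<indicator>\\REGISTRY\\.+?) "
    r"(?P<process>[A-Za-z]:\\.+?) "
    r"(?P<target>\S+)$"
)


def classify(process_path: str) -> str:
    """Example's own rule: the sample binary, an IE binary it spawned, or anything else."""
    name = process_path.rsplit("\\", 1)[-1]
    if name.lower() == SAMPLE_EXE.lower():
        return "sample"
    if "\\internet explorer\\" in process_path.lower():
        return "spawned-ie"
    return "other"


def attribute(text: str) -> dict:
    """Count registry reads and writes per actor and record which hives and binaries were involved."""
    per_actor = defaultdict(lambda: {"reads": 0, "writes": 0, "hives": set(), "processes": set()})
    unparsed = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            unparsed.append(line)
            continue
        bucket = per_actor[classify(m["process"])]
        bucket["reads" if m["desc"] == "Key opened" else "writes"] += 1
        bucket["hives"].add(m["indicator"].split("\\")[2])  # MACHINE or USER
        bucket["processes"].add(m["process"].rsplit("\\", 1)[-1])
    report = {
        actor: {**v, "hives": sorted(v["hives"]), "processes": sorted(v["processes"])}
        for actor, v in per_actor.items()
    }
    report["unparsed"] = unparsed
    return report


if __name__ == "__main__":
    print(json.dumps(attribute(ROWS), indent=2))
```

On the rows above the sample's own process accounts for one read under HKLM and no writes; every write under the user hive belongs to an IE binary. A row the regex cannot parse is reported rather than silently dropped, so a new description vocabulary shows up as an `unparsed` entry instead of a missing count.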

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe"

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3528 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.system-defender.com udp
US 8.8.8.8:53 www.system-defender.com udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 5.114.82.104.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 88.238.56.23.in-addr.arpa udp
US 8.8.8.8:53 112.136.73.23.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 96.136.73.23.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.73.42.20.in-addr.arpa udp
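The Network tables of both runs mix three kinds of traffic: reverse (in-addr.arpa) lookups, Internet Explorer's own background connection to ieonline.microsoft.com, and the query for www.system-defender.com. The following Python is an added example and not part of the sandbox report: it parses a constructed subset of the rows above, reverses PTR names back to the IP they ask about so they can be matched against direct connections, and leaves whatever is unexplained as candidate indicators. The `IE_BACKGROUND` allowlist is this example's assumption about what IE contacts on its own.

```python
from collections import Counter
from typing import Optional

RESOLVER = "8.8.8.8"
# Assumption for this example: hosts Internet Explorer contacts on its own.
# ieonline.microsoft.com serves IE's domain-suggestion data, which matches the
# suggestions[1].en-US cache file and the DomainSuggestion keys seen above.
IE_BACKGROUND = {"ieonline.microsoft.com"}

# Constructed subset of the behavioral2 Network table (Country Destination Domain Proto).
NETWORK_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 www.system-defender.com udp
US 8.8.8.8:53 www.system-defender.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 96.136.73.23.in-addr.arpa udp
"""


def parse_rows(text: str) -> list:
    rows = []
    for line in text.strip().splitlines():
        country, dest, domain, proto = line.split()
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name: str) -> Optional[str]:
    """IPv4 PTR names carry the octets reversed: 200.197.79.204.in-addr.arpa -> 204.79.197.200."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    return ".".join(reversed(octets))


def is_dns(row: dict) -> bool:
    return row["ip"] == RESOLVER and row["port"] == 53


def triage(text: str) -> dict:
    rows = parse_rows(text)
    # Direct (non-DNS) connections, keyed by endpoint so repeats collapse.
    direct = {f'{r["ip"]}:{r["port"]}/{r["proto"]}': r["domain"] for r in rows if not is_dns(r)}
    direct_ips = {key.split(":")[0] for key in direct}
    candidates, expected, reverse = Counter(), Counter(), {}
    for r in rows:
        if not is_dns(r):
            continue
        ip = ptr_to_ip(r["domain"])
        if ip is not None:
            # A reverse lookup is explained when the sandbox also connected to that IP.
            reverse[r["domain"]] = {"ip": ip, "seen_direct": ip in direct_ips}
        elif r["domain"] in IE_BACKGROUND:
            expected[r["domain"]] += 1
        else:
            candidates[r["domain"]] += 1
    return {
        "candidate_domains": dict(candidates),
        "expected_ie_lookups": dict(expected),
        "reverse_lookups": reverse,
        "direct_connections": direct,
        "unexplained_direct": {k: v for k, v in direct.items() if v not in IE_BACKGROUND},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(NETWORK_ROWS), indent=2))
```

Run on the rows above, the only candidate domain is www.system-defender.com (queried twice, never connected to), and the reverse lookup for 200.197.79.204.in-addr.arpa lines up with the TCP connection to 204.79.197.200 (ieonline.microsoft.com). The same function applies unchanged to the shorter behavioral1 table further down.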

Files

memory/4992-0-0x0000000000500000-0x0000000000505000-memory.dmp

memory/2752-2-0x0000000000810000-0x0000000000811000-memory.dmp

memory/2752-1-0x0000000000400000-0x0000000000500000-memory.dmp

memory/2752-8-0x0000000000400000-0x0000000000500000-memory.dmp

memory/2752-9-0x0000000000500000-0x0000000000505000-memory.dmp

memory/2752-10-0x0000000000810000-0x0000000000811000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 41651a1ab559bb546da993167b959fb0
SHA1 6d374a5c46e8446eda3b0b145a70005dc34d2408
SHA256 444eb0c5e2a9103f477684988a0c35363b93ee215422e015fcf7fa898a749214
SHA512 2890a47e5d02236e1b5903865b08cbca5c4cee8548081d881afbadcc3e904f907df0da0ef72644c58db7aed91f29f4a8092097c4bc9fa79d8a14512ab1cb0a91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 475c66b9af3c16540234fd08c8b64ee1
SHA1 fbf3a350a46429077838d755006c4c2f8e0aab7d
SHA256 3f31d71c018f407fc7b46a5ccd3ab6a8473359fec94505232a3d2a8c86f30e7f
SHA512 fef96a645b5c74823d8ccc53069847b71437cd083851bcb11791cb7ebe4975806253abc6068d12dd5238920682304862c01ae1f4a0e0a1c2b0bd9af2e515a846

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FMGLWGAG\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-27 20:52

Reported

2025-01-27 20:55

Platform

win7-20240903-en

Max time kernel

141s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not reproduced] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444173016" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007c39b886350cb64d9d915c298dc7fe1f00000000020000000000106600000001000020000000e6edd9e281109a110414135017049b3ae39691be84a85675a90474fbc1876444000000000e8000000002000020000000155bb96aa0147269c0b8044f857f134f73afd549a9756f419d2594add88639a7200000009c1943202c532cda94944c7f95c58fa0399757c18873c5b6eba40df35381436b4000000075e2f1110907dffe1089ba3b5e6f2fd2f1a7dbdf9ce3b26c17da7b11ab245c246f0e48c825ccdc35cbe2262fa63e2efddeb73d96ae247efa06c897984e7918ce C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0b1de74fd70db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9EA7BEF1-DCF0-11EF-9C44-E61828AB23DD} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe"

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.system-defender.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/2396-0-0x0000000000500000-0x0000000000505000-memory.dmp

memory/2524-2-0x0000000000100000-0x0000000000101000-memory.dmp

memory/2524-1-0x0000000000400000-0x0000000000500000-memory.dmp

memory/2524-3-0x0000000000120000-0x0000000000122000-memory.dmp

memory/2524-8-0x0000000000400000-0x0000000000500000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CabC0E0.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarC191.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0953c0189079f53f72561f30f4a96f8c
SHA1 cfdd04f38b9ede53c906f5ae5d8358f5a75c3cc7
SHA256 500ab4efe3be24a78cd422cc03b6ffff2f980d0925b62ebf8246eb67c8520766
SHA512 874be29b13283b2f426fed966f782f06187cd57d6ffacbf48a84b369c8fdd1d116157cef014fa771446611961e16a082668b22f6f2bdd78e65c1b2cbe8155723

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d4ed21219a00a4bc39c52cc850d6cfb
SHA1 d54a309feef1f94928489e2038a162182f06e422
SHA256 1b625c3be6368df1d9ea1fd1cd7fd51ee73b97881148c3968ffcee230d6f968e
SHA512 7ec5f46cc7d3ecf8be166a60296bd7ae6c09d32e03308c2021f23989634c987d7cb0eb562ada7e7d55e7e905f1ebb8737fc57091271d07e1329c2ca8c98c4102

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 520ed0bfae9e7e4ed426c48042b1fb85
SHA1 6335a75638980870a0fa97c41dcf043b2ea95c05
SHA256 859f6c8b4ffee921ceb2f0533f0b2cd4045f466ef6e2510d4748e1b165d14acb
SHA512 f82496b4ef703ee82f853af41ab20f54af1674f42087d9a2eee4ae2cf4c956cc28a1dfadbca7c72b9780c488f1344946af3e33c2b01536836ab0dd84176f9880

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a17bb185307e6d57ecb4e493a5cf957
SHA1 93b600671dfb05af1492e3d6929d3c91b8466404
SHA256 6eb40f2c5f0963974841b51266c4c47da17e3db41efd24c1674c07b43406984f
SHA512 04246e80295e4bc96212bbb336e55ebd1d5b354f2356b6a623e9d9c428bffba8fb9ded1c331ab5142731963e561f79b651646fe46eeed6f54c0b5db056bfe1ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf7ea3bb5f9301abca94b42727be56d9
SHA1 5bc53463d27d100307c86ca24918044888f775fa
SHA256 ebc41642e5c78048a2ac44af53a6bd2cfa2f8155b1d98aeac077ffad78da8cc3
SHA512 7755f574e33385562a09b81c07661ea1cb58cd09c7bc674c0f1487837ab933b3c2ae2635e309fb6d641c42d4af7aea877166cc16c45e954b55770bf94670e1e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38906017fb6bb600b619697303eb9132
SHA1 f9a5b59cdaf3c5cb1b4bce425a3fcb2e3174e5b9
SHA256 fd8b39d7a87bac2b88165ea6a709022770bb9ba02c2cd64cfe3111a8b09c7067
SHA512 546e378da48ef303a35a4d641d23235961a3657c21ea2e768f7f52d72710e5db40d7599bb043c3aa01d0ba5bb92772430eb7ee09d3eff0d53e57990c5a77803e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e3b9409fb5c1598d70acfb6663df43b
SHA1 9fecb9e8e75b412bac60108943474e0460e9db1a
SHA256 b93cbf750f9420ff0ece2b9efba52f50adaf98ed743fd689d5af8c085b31ce10
SHA512 e5811233338ff6833b4a5f9477ff0add88e73eaebe6283c2cce4db71d7618f9543d98fac9f4fadbed61a7c99fb4685812dfff6d4d96eed832607a7ace264e8e4

memory/2524-347-0x0000000000500000-0x0000000000505000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a6383c3544651a4df6c462f721e2cc0
SHA1 073a77d242feda73d8de6bdf2e36e2c8570927b4
SHA256 8e05ab779871f5aa5080d36831202ddb208365d5dca1b0512a5775afff45aa80
SHA512 529d0d8c5f88563e1976f011349dcabccfe46d91efca1f7cc627360ca8755ab383a7a6031317ed2478b820545c48cfa96ec092d08cce147205dedfa29a4862f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66e946b409200130819889f7983f8edb
SHA1 d7660a08028a3ba058e833a0db66de24f5bcd8fd
SHA256 b489921e03181aa0c70e7ddfed926c30c54b3c8016ed132de5d7f5afc2cd853c
SHA512 3b015d15d1b35541f7b8b9b4930e339159280961352f7cedb9fc6d86f59619f15bf9cb218888aa340708fd56d7a9d6764262eed9f4cce2286848cb0bbd64670f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 47398dcb7922c38d8a5f8b826e2c29cf
SHA1 c8bd40584e970da2b6fd5d019bdab7950c25b21c
SHA256 0f3e2e699d99975e2c2e21ccdf9f1ed75ccaf4e3e3adebba852e077f2336c4e8
SHA512 2054ffd4b92a13789d2428537a066f27ea144336add22c20c746fbc39718f688861ff3647536df01267b4422424ff7f2222274d3c72b5d11ae1ae71a337ba244

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23fdb839a507ec772686714103bc1bab
SHA1 ec058590d7f81f8698818867462271c27b243b01
SHA256 3f594f02948467f72dc2269f569db055ca7cb3c693ff4c39ea862cf4c68a3197
SHA512 b985d3269bd395901eb3495adbc451e108ef32db6989051f2bc5fb97b78434c83a207902580e2da0b8f332e99d74e376e2b58686f98481007b10f9495778a4a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ade838ab1f0111e2054e74d0229a530
SHA1 cca2353d399cc3f0e0dc1fcb43b1b8eb19536fb5
SHA256 b77ddeb7899a46ebfd039a170878feac7b6687d0693df6156127fb2e324df663
SHA512 75e4daf0dac77cb2a75988f31a4f4a8b1bfcbd0e64d324ecc04b91e1915d69f2a179fad44922265c6dd9afc7b42327edb818c68ac1a37ae4a4de079f64cc7a81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cddc15250b411e1eba484d11e8908d8
SHA1 45aeea2641c81ede595ccac922e4828a3f93428f
SHA256 2ccde73b6e323b1f166c7577aa1989619205209894a29838c3c148107e4b6c8a
SHA512 5cae5e58b46966560dfbaaa0549cff01572a31b5c64abd51fc0ecf7cf2e22ab543f60320c938e3cfeeb9e3135b6303747309a226420e4b9feec51cd3a1fc1f8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31d09184ddc743e63102ff70645b6fcf
SHA1 6462a620265b89869f214ba5f0fa4ceb8fcb3ce1
SHA256 15c867f3c521444a3901b80bb206ad580f9f7c51c383419217dab389709b6857
SHA512 4d0fb60869e33f85b5a269ae248967f08155719200fe6396025280c8d8b5c288ad3b09610fb5bdd6d9c30fb1d3cd5c10c2c10a76dae3989b8686b68d300c07d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7f31fc8b9b24e1047ead63275d5b851
SHA1 b4e06d8a96993dfe9a5337d1193d21ec0de71be5
SHA256 64d7733f9a3bc795ebf70a06581d652c148424d44c98f3a63201d838e065ef2b
SHA512 582aba93a53081b5272549c23d20ff52e7df7e38468f92b31544bf4d0a4e51b2c5425856880a52dffe9ea2a3811aa956bad1dfac28ec37fb9fb27f425234c130

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8fab4ec959536d1622058b35570f7473
SHA1 8ec1af8a1fe642e544aa3e25e88609776a38b9e4
SHA256 d1d859e33eeb2450be0f69cd6a7383d4dfc22d9120d690ca98f000aeae547ed1
SHA512 10380de8eb8599d4207ba5ae2a0a4c896866c08ddd5ec28868a7bd324833363b946e2fccf2a0b0cb0863845077524d177a683ee3c5077f9e1dc592e43b357b35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34bef99fb7d32fdc27aa0b91f850d594
SHA1 a6749ad6f914ec193893e7d858aba039b5b82dd4
SHA256 f641b8211a8358f0b1e06fa57cd39daa5e48ad9766560c5129a1bcf5543b7b35
SHA512 a899ab24aae4b8310d38ef998b382f1034f745f641d24ffedfe2b78759cb47bd69ece56a184c7efc97c57e82ce1da44c4d5cd445f08619b8b5734ecb3d4bcb91
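The `memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp` names in the Files sections encode which process a region was dumped from and its address range, and the behavioral1 list records one CryptnetUrlCache MetaData path many times with a different hash each time. The following Python is an added example and not part of the sandbox report: it parses the dump names, reports address ranges dumped from more than one PID, and counts paths recorded with more than one distinct hash. The dump names and hashes are copied from the two runs above; the "shared region" check is this example's own heuristic for where to look next, not a sandbox signature.

```python
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)

# Constructed from the behavioral2 Files section. 0x400000 is the default image
# base of a 32-bit PE, so 0x400000-0x500000 in PID 2752 is most likely the
# sample's own image; 0x500000-0x505000 shows up in both PIDs.
DUMPS = [
    "memory/4992-0-0x0000000000500000-0x0000000000505000-memory.dmp",
    "memory/2752-2-0x0000000000810000-0x0000000000811000-memory.dmp",
    "memory/2752-1-0x0000000000400000-0x0000000000500000-memory.dmp",
    "memory/2752-8-0x0000000000400000-0x0000000000500000-memory.dmp",
    "memory/2752-9-0x0000000000500000-0x0000000000505000-memory.dmp",
    "memory/2752-10-0x0000000000810000-0x0000000000811000-memory.dmp",
]

# Constructed (path, SHA256) pairs from the behavioral1 Files section.
META = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015"
FILES = [
    (r"C:\Users\Admin\AppData\Local\Temp\CabC0E0.tmp",
     "b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f"),
    (META, "500ab4efe3be24a78cd422cc03b6ffff2f980d0925b62ebf8246eb67c8520766"),
    (META, "1b625c3be6368df1d9ea1fd1cd7fd51ee73b97881148c3968ffcee230d6f968e"),
    (META, "859f6c8b4ffee921ceb2f0533f0b2cd4045f466ef6e2510d4748e1b165d14acb"),
]


def parse_dump_name(name: str) -> dict:
    """Split a sandbox dump name into pid, sequence index, address range and size in bytes."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "idx": int(m["idx"]), "start": start, "end": end, "size": end - start}


def regions_by_pid(names) -> dict:
    """Distinct (start, end) ranges dumped per PID; repeated dumps of one range collapse."""
    out = defaultdict(set)
    for n in names:
        d = parse_dump_name(n)
        out[d["pid"]].add((d["start"], d["end"]))
    return dict(out)


def shared_regions(names) -> dict:
    """Address ranges dumped from more than one PID. Worth a look when the sample
    appears several times in the process list, as it does in both runs above."""
    pids_for = defaultdict(set)
    for pid, regions in regions_by_pid(names).items():
        for region in regions:
            pids_for[region].add(pid)
    return {region: sorted(pids) for region, pids in pids_for.items() if len(pids) > 1}


def rewrites(entries) -> dict:
    """Paths recorded with more than one distinct hash, i.e. rewritten during the run."""
    hashes = defaultdict(set)
    for path, sha256 in entries:
        hashes[path].add(sha256.lower())
    return {path: len(h) for path, h in hashes.items() if len(h) > 1}


if __name__ == "__main__":
    for region, pids in shared_regions(DUMPS).items():
        print(f"0x{region[0]:x}-0x{region[1]:x} ({region[1] - region[0]} bytes) dumped from PIDs {pids}")
    for path, n in rewrites(FILES).items():
        print(f"{n} distinct versions of {path}")
```

On the data above the 20 KiB region at 0x500000 was dumped from both PID 4992 and PID 2752, and the CryptnetUrlCache MetaData entry has three distinct hashes in the subset (sixteen in the full behavioral1 list). Neither fact is a verdict on its own; they tell an analyst which dump to open first and that the repeated file is a cache being rewritten rather than sixteen separate drops.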