Analysis
- max time kernel: 149s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-06-2024 22:28
Behavioral task behavioral1
- Sample: 13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe
- Resource: win7-20240611-en
Behavioral task behavioral2
- Sample: 13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe
- Resource: win10v2004-20240611-en
General
- Target: 13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe
- Size: 224KB
- MD5: 13b3cb819b460591c27e133e93fb8661
- SHA1: 33157a630a00078ac106f05ebd90feb1e61fb46d
- SHA256: 618a75808b11fba4d1501587f2df23c6bf4094a474497a1f15fb85bbdc6cd593
- SHA512: d0853c6f3734ccbce7092c233c5ae582aba7ece330459b2a280199e19b7ae10fcd844307a2bb85f81b2b0d46235ca3241286740027cee157deba46b621ac43b4
- SSDEEP: 3072:j78yHpYetDrHNsbqrf29rGHWwsMr7w2nu+PpAgxs9D/sv9Z:j78yHp9rQ85RZr0ku+cD/cZ
Malware Config
Signatures
- Drops startup file (4 IoCs)
  Processes: 13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe, netmgr.exe
  - File created: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk (13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe)
  - File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ (13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe)
  - File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk (netmgr.exe)
  - File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ (netmgr.exe)
- Executes dropped EXE (1 IoC)
  Processes: netmgr.exe (PID 5052)
- Loads dropped DLL (1 IoC)
  Processes: netmgr.exe (PID 5052)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Modifies Internet Explorer settings
  Processes: IEXPLORE.EXE
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  Processes: netmgr.exe (PID 5052), all 6 IoCs
- Suspicious use of FindShellTrayWindow (7 IoCs)
  Processes (PID): 13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe (300), IEXPLORE.EXE (1460), IEXPLORE.EXE (3684), netmgr.exe (5052), IEXPLORE.EXE (1888), netmgr.exe (5052), IEXPLORE.EXE (64)
- Suspicious use of SendNotifyMessage (3 IoCs)
  Processes (PID): 13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe (300), netmgr.exe (5052), netmgr.exe (5052)
- Suspicious use of SetWindowsHookEx (20 IoCs)
  Processes (PID, occurrences): IEXPLORE.EXE 1460 (2), 4280 (2), 3684 (2), 4600 (4), 1888 (2), 4856 (4), 64 (2), 3388 (2)
- Suspicious use of WriteProcessMemory (38 IoCs)
  Processes: 13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe, netmgr.exe, iexplore.exe, IEXPLORE.EXE
  Writer PID (process) -> target PID (process), with the number of write events recorded:
  - 300 (13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe) -> 5052 (netmgr.exe): 3
  - 300 (13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe) -> 4720 (cmd.exe): 3
  - 5052 (netmgr.exe) -> 1248 (iexplore.exe): 3
  - 1248 (iexplore.exe) -> 1460 (IEXPLORE.EXE): 2
  - 1460 (IEXPLORE.EXE) -> 4280 (IEXPLORE.EXE): 3
  - 5052 (netmgr.exe) -> 4720 (iexplore.exe): 3
  - 4720 (iexplore.exe) -> 3684 (IEXPLORE.EXE): 2
  - 3684 (IEXPLORE.EXE) -> 4600 (IEXPLORE.EXE): 3
  - 5052 (netmgr.exe) -> 3772 (iexplore.exe): 3
  - 3772 (iexplore.exe) -> 1888 (IEXPLORE.EXE): 2
  - 1888 (IEXPLORE.EXE) -> 4856 (IEXPLORE.EXE): 3
  - 5052 (netmgr.exe) -> 524 (iexplore.exe): 3
  - 524 (iexplore.exe) -> 64 (IEXPLORE.EXE): 2
  - 64 (IEXPLORE.EXE) -> 3388 (IEXPLORE.EXE): 3
  (PID 4720 is recorded both as the cmd.exe child of PID 300 and as an iexplore.exe child of PID 5052.)
Processes (tree depth in brackets)
- [1] C:\Users\Admin\AppData\Local\Temp\13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe"
  - Drops startup file
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - [2] C:\Users\Admin\AppData\Local\Temp\netmgr.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\netmgr.exe"
    - Drops startup file
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    - [3] C:\Program Files (x86)\Internet Explorer\iexplore.exe
      Command line: -nohome
      - Suspicious use of WriteProcessMemory
      - [4] C:\Program Files\Internet Explorer\IEXPLORE.EXE
        Command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        - Modifies Internet Explorer settings
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory
        - [5] C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1460 CREDAT:17410 /prefetch:2
          - Modifies Internet Explorer settings
          - Suspicious use of SetWindowsHookEx
    - [3] C:\Program Files (x86)\Internet Explorer\iexplore.exe
      Command line: -nohome
      - Suspicious use of WriteProcessMemory
      - [4] C:\Program Files\Internet Explorer\IEXPLORE.EXE
        Command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        - Modifies Internet Explorer settings
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory
        - [5] C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3684 CREDAT:17410 /prefetch:2
          - Modifies Internet Explorer settings
          - Suspicious use of SetWindowsHookEx
    - [3] C:\Program Files (x86)\Internet Explorer\iexplore.exe
      Command line: -nohome
      - Suspicious use of WriteProcessMemory
      - [4] C:\Program Files\Internet Explorer\IEXPLORE.EXE
        Command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        - Modifies Internet Explorer settings
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory
        - [5] C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:17410 /prefetch:2
          - Suspicious use of SetWindowsHookEx
    - [3] C:\Program Files (x86)\Internet Explorer\iexplore.exe
      Command line: -nohome
      - Suspicious use of WriteProcessMemory
      - [4] C:\Program Files\Internet Explorer\IEXPLORE.EXE
        Command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        - Modifies Internet Explorer settings
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory
        - [5] C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:64 CREDAT:17410 /prefetch:2
          - Modifies Internet Explorer settings
          - Suspicious use of SetWindowsHookEx
  - [2] C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe
    (Deletes the original sample from disk; the dropped netmgr.exe and its Startup-folder shortcut remain.)
- [1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4084,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:8
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  Filesize: 471B
  MD5: 5f0847e5a15af2d7923393c3cd30c5d1
  SHA1: 326c44f2bc29ec6578a400d6d46361efcb013540
  SHA256: 28766e681bf500e9cddbcd3275cd898c4165354ad087c2461d9ee374a7e2221e
  SHA512: a83751183cd1f2ac063a0077f8edfaecda72a4649437070c83f88151c822ff42d43fb8a291c123af2598e10d15cbdc147cef353b2149baca9462fb02e3d67a06
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  Filesize: 404B
  MD5: 10cdfaf5a13511467401f163fb7c5dad
  SHA1: 68069bef7994dbaf3d890acff2868148c65195c1
  SHA256: 18c5600cfd022d07747ec5fd03839ec882f12b0ebf318b359a6ee22d16af678c
  SHA512: 3f9f86dcc4e18ae29339db2c49d7373e25b1f688a32262c8f541044351c1efc344afc13d16ac265ee96cb909367388e067e05590b65c5f6d82f95ae4f416ee21
- C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5E015990-340B-11EF-90FA-C21B8D59DC13}.dat
  Filesize: 5KB
  MD5: ed4cb3e038f2fd12135bdcf80d481e64
  SHA1: 641abd11c6ecd1f100d0fa77700ae529f20bbdc3
  SHA256: ec9e75389908043a42d818aa493c30e69732790b81bd06062f8ef532d4df6d19
  SHA512: 39cc41aa433e9f5c33ea985475b0144d835d42732fa4445173490c8b0729161030d5bec8f2777fd1c9bc12ede0e211b96020e03270a162961af53e990878c1cd
- C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{61E852AD-340B-11EF-90FA-C21B8D59DC13}.dat
  Filesize: 5KB
  MD5: f2bded359c70af197490b05015a2ff11
  SHA1: f684983617b0536e9fef1d22be09affbe5d7e4b7
  SHA256: ba7d85a9aea6caaf936d6b1588192c8da2af72005b22a527f338f32a3873f4f5
  SHA512: 7410c7f64fadabe3a7ab1614bf0f61cf12ca9f692200a7704aef4d758fdc1ce0e9b3b4083f8b213a34fbca9550b224859318136a9830818b16d9215efdc9a925
- C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{61E852AD-340B-11EF-90FA-C21B8D59DC13}.dat
  Filesize: 4KB
  MD5: 47c6df5d5e7b33fa6a3af33c55437449
  SHA1: b299f35637b703d4122d09aab13e3bc588bd51fb
  SHA256: 89a97d5a86ff68805caa064636412b80c4b4590ca5e2c40a3b19157d37fc5d8b
  SHA512: a030ec4974c60e59dc8bcbc32e4c0abf0ea5a724d4214b8b480058f8d102d27e743277962bd184cf63f642c2b9c121952d0310e0f519c91fd7aa303fdee3871c
- C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver79CF.tmp
  Filesize: 15KB
  MD5: 1a545d0052b581fbb2ab4c52133846bc
  SHA1: 62f3266a9b9925cd6d98658b92adec673cbe3dd3
  SHA256: 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
  SHA512: bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
- C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QZRYTBAT\suggestions[1].en-US
  Filesize: 17KB
  MD5: 5a34cb996293fde2cb7a4ac89587393a
  SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
  SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
  SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
- C:\Users\Admin\AppData\Local\Temp\netmgr.dll
  Filesize: 130KB
  MD5: 3fdd7a1ac800d5f0ea46e3a5bd46a6d5
  SHA1: 3e68e322fb1eb8489fdfbfb91edc4839076d7b0a
  SHA256: 4c84d0c716dca56e0c4b7974895e2c65672760f4dc6df77824cc23419911d993
  SHA512: 9d249c39b48c843c489b6f03978f0b7bbb19868be1f231871b2502ee20ab2a81c8be6f9c446cdfdcbc96a2cad2526329f8636b4992b5b009499568d361f6c9c2
- C:\Users\Admin\AppData\Local\Temp\netmgr.exe
  Filesize: 16KB
  MD5: 6d49cdbade7541d46be3fb47a0f563bb
  SHA1: 4ccb8adcada3fa48b8241cd935db60fdf55a3704
  SHA256: 2635a89660d6c99fa852258704e00f097f24c10343bb523f1e212dd09835459a
  SHA512: 6cf79b4cee52db109eb45d5b3fceee832c9a5b223fe843c54aec84516dc261d1d1f5942fb3a7377b63d347e170edc5e76f542fbbe084d377cb48292410b24246
- C:\Users\Admin\AppData\Local\Temp\perf2012.ini
  Filesize: not recorded (the hashes below are those of zero-length input, so the file was empty when this snapshot was taken)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
- C:\Users\Admin\AppData\Local\Temp\perf2012.ini
  Filesize: 137B
  MD5: f9695c9b318bf4e3416ad9a087473417
  SHA1: 767c3076f2328313ae9b36f510b6c002d964f161
  SHA256: a82447489c446fedd980fd52f43c645394adcde827a9aa6b0c3530705b5e2484
  SHA512: 0e714fb203ed606645648e7d5008bef1fdcf6b1162d154374340468fce805ab3d2d9d363416b8c64790c47b4653ccba32f58a00346542e09db3a1e909968bf13