Malware Analysis Report

2025-08-05 15:45

Sample ID 240527-xtbc1see4s
Target 7a33663eaf7e86c6eaf688f8153e997f_JaffaCakes118
SHA256 d6a7eb1637e40aedb3d30ebea7a1d42f37337113f353b14921e206c487819604
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

d6a7eb1637e40aedb3d30ebea7a1d42f37337113f353b14921e206c487819604

Threat Level: No (potentially) malicious behavior was detected

The file 7a33663eaf7e86c6eaf688f8153e997f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 19:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 19:08

Reported

2024-05-27 19:10

Platform

win7-20240215-en

Max time kernel

147s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a33663eaf7e86c6eaf688f8153e997f_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7982D8D1-1C5C-11EF-A596-F62ADD16694A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dbc55bc36a01d54aab9d4edb0f47d30b00000000020000000000106600000001000020000000d1f03a25ddd5b3f108e7acd647fb0646d4685770ac867ada856a0295fda50acb000000000e80000000020000200000000acae0955780dbde99a86a0e8aeda0dbb601cfa31c948708dd23d606b1d99c869000000061b06eaef7f0ec1e6bcd870798b63063915f94fd12eb6c4b9e28eb38b44755fc20f13c3c4e9395c3e559846f97d48a96d1fdff86f2765b254cc0a49356d84d236e768fe638600414f23e0142e7dc643b0fdec503d68ba374603b5950f910fd98a53e93c755c89833e4f6b4348a5c0e7352798b631f669d78188d6074c1a45b1e55e199ddd9e90e539629de11e1c9d8cc400000008c7ce82f9a641ac3733783d2bb5a922b7c71410ff94855121f43a10d99031db3b7ebb447edaea9b792fc41dd41fdf383cf7f30f3f2caa66b59cdb5fd6bfa7dbb C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dbc55bc36a01d54aab9d4edb0f47d30b0000000002000000000010660000000100002000000094b18cec2038f9c18f57b4a46d27ae43655188e862c65df76072ed6cdcb1e0be000000000e800000000200002000000027213234317d1e3575f8120038f555a327dfd3b18a5b139c4358bbc5b5c8ff9b2000000012a97ce5f03f641ad52b99106e9a59a19179cc4c5b0d3d4e3e782ec2f09a7ffc40000000bb6ad1969dfbb5382531e5eac3f2b6628a9f481d9fbfeff378634194abf4515a089eda75f903ff116fe2dff74c2febcc191a9f5b0b8c10420cee2d39f738b8e1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603e136769b0da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422998764" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a33663eaf7e86c6eaf688f8153e997f_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 razgovorchik.ru udp
US 8.8.8.8:53 masterhost.ru udp
RU 90.156.132.125:80 masterhost.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 90.156.132.125:80 masterhost.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
US 8.8.8.8:53 ads.serveuser.com udp
US 8.8.8.8:53 dd.cb.b0.a1.top.list.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.204:80 counter.yadro.ru tcp
RU 88.212.201.204:80 counter.yadro.ru tcp
FR 142.250.75.238:80 www.google-analytics.com tcp
FR 142.250.75.238:80 www.google-analytics.com tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
RU 90.156.132.125:443 masterhost.ru tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
RU 88.212.201.204:443 counter.yadro.ru tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 90.156.132.125:443 masterhost.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabBE5.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\TarC28.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76bcadf580f1060b5839289e7af12a74
SHA1 7a6b75dab2acda7282a21d006aee563383ccfa37
SHA256 fad6ec83f7b34ee7f36bd3d9dc7f3f74ae093e66503d1a5982a887081dc54217
SHA512 0787d42ff5016570d58c2c7acf80d06cb93d4ec70a19560546cef90f6c39d00efd3cbe1e4cf3f4e8614832f76258fe75d98b2f52621010ae5b75ac85cfbc499f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edb478cab001c1582100f35c67d099b3
SHA1 0b4a63aaed2eb5dbf2b34dfb516e8c03fb53bd7a
SHA256 274e631b9d0e3036d08915f1a37bfce4fdf181dd7c3f588c188f1ff826c41340
SHA512 32c946b1fa86fc21858c79a59780c9b401edc81548e6a251cc49fd2d198ff4689999de413b40be0b380da2eb0772ceced815fe36d4d8fb83b976f6afcfb27a8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df705bd5b75422e6b5fd4b5f17f12d61
SHA1 3d34b401656d0136101ee18b753f3aa4eebcaa50
SHA256 cd3e424faca01404578c2fd1980d64af05aa7eaf3834b526bfe2bea7c03b7ac7
SHA512 36579287e926064488fa14ccf94f3d943a439682ecb52fda3aa4d47b053118605b042e8643671fc171a03b506f52e74211ff8282ba3254a0712fd133a5451e34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 777be0066ace25136995b106c78056e4
SHA1 11383e53e58fd9595329b209ac0d8e9e8deadeb8
SHA256 467b679355e3c699e3416036f334aa98f1c201f1a114a321e01540bf966f5545
SHA512 a6057a200fd78d6e91217962932c9fe04bc172fdb968757f50f7889c79dbef5d0eee8730cb09e60f08bf8fd2c81a1f07c98fcd3cb93ce20ab02a0f17b21340a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c7ac1aa841b0978b747a4f015b159c9
SHA1 3389e2f1788bd70e3eec344c2ac4e012e5d0b18e
SHA256 1cade54bbd2f5c29897fb95106cf2c2d36d9d6c411bbac3e94fbfc97ab63beb6
SHA512 61c4bf9f91f29ee79217e24918d6536f8576699514c837b11c1fb1127542ffd4d492a65568e316ac5b45ec5b94d266a258e773139860b7625bacd2d5b6721016

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2be86af3dcd8cf2116da56625e745bf8
SHA1 325cefacd1b5aa179451edc490830e72968e22d5
SHA256 0296f222f322041a5b164e4d25888c39b5dd03e7f6724dd36386d3bae9b6ef65
SHA512 5bb090cd1e9cd4c793b0b94d68aafff2dde50a392bd0a12a39f73d9f92cc2183aba9d6a2349d2c34f20346c38306772e9713f2b62a5b217a43210b9185398dc7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4f0ee605603d8d82b45c71d5b3e36b5
SHA1 fc7889c28c9c1b32c53d873d043e3f5cedd27792
SHA256 88a01826d24604aeb26be3ca7a1c04c50e8c39b3e478233a825e5bb6c3809505
SHA512 76de3b9ef2e0d42f1f78972b6a07a0043e0bf5ce07c55ab7fbecfd57b7cd5715709353ebfbfd649a2ca88e1e25840aa3110b956fa2d35fdf053279f418131bb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba0870a8942385c347207c0c49895ad5
SHA1 88a9c66b0a75f7c1c418335cfe0d4dba56cad149
SHA256 e669f1d411e8fc7defd25913e112c47b8022f525b9ffaffb1c05497687b2cc64
SHA512 be9f8feb1f48b0b1aa70ae12846831a68bc44fc583936f2bfa4751b523c39e0e2a526bfb6df20cad948acd0df0e03dc79ad2b4ecf1920dcd2de5aaca4986151a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bdf211ff78a86dd713cf73eedc90dc86
SHA1 94e7dcffa2c2acc283c48882e5f296abebcc5ae4
SHA256 24b5900988e66ad7584c49f0de0b2392874388feabcef7e74eaeb2d38b6d8ebf
SHA512 1d3becd7fdc6329b35639ba42f4f1e685ffed5e5b3621327f640d9a04e341fdf406ee9a2fa0797dd137328c3d91307f966f5617b849da5f8c5792fefeeab22b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d10128ad9caa5ed90285302cfb4f0f65
SHA1 60fb15951ac753d1b99574646419dff639dfcacf
SHA256 a40eeaa08cdafa8484e01f323203a1dd82ed4408b55652a9685d32a34e3c634f
SHA512 d72b42cbf97412a52a237f68f8fbe063dfd1c433b11bb71db246961aa790482c35882b763ba809b456533e0c55cb5e71144855e04ce39a7fc3640a035ecf9e4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 7fe949d779ab203ab55c7d3c9d6f581e
SHA1 fcc090e5c4b3a7ad83e6f5c149db3cee359e8b98
SHA256 88af8906a4b002a6a8a4fbeac940f0c5947c41807284810fe78d9ab7c7941bc4
SHA512 03a7760d0e027ab51fa83437c0c94c8804e7d16c8a889eff78ef4146c510f3f63823881f2881ca70a0ce7f03f3c26b05a1b7cb69ca823fde358eca6274dbdc17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f1d0146ff9095c887cd42032e94f7b4
SHA1 b3199fc2352eb022148122a8daa2e63ffd20aba3
SHA256 a91636f9ba424a8e78777819d0e7c4d8b36d0b2f798e070f908b93d076ed670a
SHA512 2b735bf72395e3651d9703df9dfe728460c80fb679f63a61d3d1bc386cf76a0ce0769c46898efc8e1d65fb26b08275e1afe4f1a1ef750cf93a9b13c83a5989f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcf980b308f1bc99c872da0fa1e4d5c9
SHA1 8b697ea9666745ab2ab27adbc0405bebf51c4b36
SHA256 f873643119e2b4c4eceb70a8442d09d3b7b7ae459daa9fc4b187921656413685
SHA512 1aaf469c04c16f382c3b1e62ddf08ad288a0ebdf112e768a4821b0e9a87e07caa7f426221c309b233c7d14768b232e9e999189c1049e5fb399d0367b08111837

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5ee249f66e3c4d09defb7994b6bafac
SHA1 5fbb8e5788ebe17311f1b66bf675d595182ea391
SHA256 da41545cd6d11efef17ab22cc1ea6d29b9be51887e409bfa2ca05ffa9dd581f9
SHA512 974fca2f03a2f5ea1591443da7023fbc9689666ebd5a3e4d7b28107d18c01c664bb90b7135e0cc5f69b21bbde0c09316b0cfe91d247b9c65aeb279d948e24fd4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05efb4fd8ec3063b7be564250decb71b
SHA1 fd662f3ba4f65a61c23d1fd69047748ca5ca27a3
SHA256 e2f87a34bc77ffce3ee4c04749426dcf6ed9231a7217d1720ceeeb3ca7311433
SHA512 7f7779c30723bf3b205d5a9c98df1e597192e231030afbaacc98f692831db0484e2ae04bc1035ec88fbcdfd37d38b7b2e9159dcc51518323c795515eca6b5abd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e1d45a5c0aa5aa17665ef2b31a7aab6
SHA1 b152117bd3f6144b93ebcb116fe9715e6932a010
SHA256 738d32f612f54fa6622ff4ee23bae9b749efbea82aaddc0e8860e5b6fb1efab6
SHA512 c75ce44959d352b3dad2450705e2ffe25d211e00aa569b710d060414d05efb33c5977920177035f46f54dbf81c711718418b5f0cf5de0c4a3b9e3a6f37259608

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a25727a5a9f58d36fa39d0301a963985
SHA1 1ed7f8dba482b2531104fc5e23117230fbf6127e
SHA256 1174a5bdec0fafc65534456097c2d0e2b1063245a5003e1c8ed5045dfc098b4f
SHA512 8d94edb6c43d361803d1db1b5803fdecc07aea7ab2c6e57f4ab6efea4bb195cdb26e378abae806f7a75ee60889f53890d2602c50794942055f4d313264c956a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a53b3971edc8caf3648bb925a8c08ba0
SHA1 03cf12efbf385b4a60de9900e60a1e2cca241aee
SHA256 dd8e205aab4c70d4b44b4531ff3ca8dafb149c04d3810a160d35bd763fbd9b1e
SHA512 d92198680737cd44a9d36a75c8015497746f35a234a0826dac4a18da2bdf7cffe43817fe448d205a9338ee47734aa242d7c93c09702714d22ec474cb8b61d21d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 445d08a1946b90da475511e9b2365c8a
SHA1 6ecb39abb913cec24ff686fd887050a84e0f9ce7
SHA256 4bea1df14186be233da617422443139848ba1ba8789d44cec8dc7139855a95a4
SHA512 9472eefe243390b534e21a802805656a16fcbea6412a2439155dc4fb702bb6eab185c45e4d67a2fa652e320c3a02030d8355b52df3b4d19528bd42358851c2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31480fb458016930ec42d957d6cec9c9
SHA1 cb8302448529d10b6a37252e698600ae889beaa4
SHA256 b16f9f9391ed7ea295b63929c2fd8cbcf8d0af4c871c881d1af55742e76af874
SHA512 85612e5d164132eca2ea5bdf53811caf018eb713d9a3e5eda2aa17a4500dce1d4166d6a64c20386808d3d37f4b71383b8350786f33ae9e14ba511e932b034113

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6a0feea6423fe2dd1c8542adccfd6a5
SHA1 deb745dcedf5557403cdb3697b8c82495b98f9a0
SHA256 f9174c59f27852c2b08084935aeb95cc481cb2402055aef11480c6eecb10c236
SHA512 45c781e47220684567657ca84807319ae3efdcaa531c6349918d3efb366d44dc88f685d3ce3c1a935f2587aa550e22d3cedf203863b8312b55d814955c8981bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e7e4d3d7049ec0c48d74f9d7ae65f82
SHA1 e506bbdeeadbd9d2a628544790b7e8c149a05120
SHA256 ec75dff01c0833b433ca0d4ee38e75a6a99e6da1d2df9bdbbc7121f9d091d96b
SHA512 9c39a2501af8af80fabf1afc48e07a30ed7b8712646f852db8d2abba3c2163f9d631dfd5c7d3198bd18e03f9089cce0670eda2cc2085fb823c0dd8d693159f4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38422d949a0e4abc037d3ed7189e3acd
SHA1 ea2410e81074ae4424094911b3c393d62aa774a3
SHA256 763f8461cc7640d7a320c6252a838c99b29173a16867114be28550b38dc5a670
SHA512 d1d5eafa3776951597a1a4bfd5f5bbfc52a05ed92a4f8efe15f9fca7f78b40ffdde4a8419eba7208812f3be9c8c72c61d97de1b389698ba7bd0c169ebca5bb3c

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 19:08

Reported

2024-05-27 19:10

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

138s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a33663eaf7e86c6eaf688f8153e997f_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4792 wrote to memory of 4300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 4300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 2564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a33663eaf7e86c6eaf688f8153e997f_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddd8146f8,0x7ffddd814708,0x7ffddd814718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5064 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 razgovorchik.ru udp
US 8.8.8.8:53 ads.serveuser.com udp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
US 8.8.8.8:53 masterhost.ru udp
RU 31.31.205.163:80 razgovorchik.ru tcp
US 8.8.8.8:53 bs.yandex.ru udp
US 8.8.8.8:53 dd.cb.b0.a1.top.list.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 90.156.132.125:80 masterhost.ru tcp
RU 213.180.193.90:445 bs.yandex.ru tcp
RU 88.212.201.204:80 counter.yadro.ru tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
FR 142.250.75.238:80 www.google-analytics.com tcp
RU 90.156.132.125:443 masterhost.ru tcp
RU 88.212.201.204:443 counter.yadro.ru tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 163.205.31.31.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 238.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 125.132.156.90.in-addr.arpa udp
US 8.8.8.8:53 204.201.212.88.in-addr.arpa udp
US 8.8.8.8:53 67.52.163.95.in-addr.arpa udp
RU 93.158.134.90:445 bs.yandex.ru tcp
RU 87.250.250.90:445 bs.yandex.ru tcp
RU 213.180.204.90:445 bs.yandex.ru tcp
RU 77.88.21.90:445 bs.yandex.ru tcp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 bs.yandex.ru udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.250.119:445 mc.yandex.ru tcp
RU 93.158.134.119:445 mc.yandex.ru tcp
RU 77.88.21.119:445 mc.yandex.ru tcp
RU 87.250.251.119:445 mc.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ecdc2754d7d2ae862272153aa9b9ca6e
SHA1 c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256 a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512 cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

\??\pipe\LOCAL\crashpad_4792_HSARVVTQRBEDQHDS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2daa93382bba07cbc40af372d30ec576
SHA1 c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA256 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA512 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9251c8eb9ce47beb8fa51fee0d011c1b
SHA1 7bd2246f0bd053b936bd800b442edea798e434f0
SHA256 006977b29f10fff1dfc7f443e68396d81d8ea22cf79f1276ab72a232568a318c
SHA512 2a6fa86f0999c90c6029fe07540418f7bec09a25ad450775e66778811c10b7dae5eb0f226599ae53164bea4951d29e374edb70dddc80d12787a4118a5eca9744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8b7f5b93fe9b08464fb03009c0ec6bf8
SHA1 b46f53c9218cc971725cb51efce88fdc145c5b6e
SHA256 5c900c2d2a3e7b155ce7d02e7453a7629a576a6a94074eced6aba21e62a46d22
SHA512 7acf64c10d5a46ca9e8e12591d1f58ab3aab27b82702543095a24a0b0ca16d4e4856babff4ace67d6da29db90093d66f4a0e00181b21608a5efd00fe25e6817b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1ccd3fa2e5804f5128fc60830487451b
SHA1 557d1cbfd350d766f8efbec5aeda2a4c3817bafc
SHA256 de354e2f54dfb4cce68640f395a47856293bb1999a4509c2a81e9962114daa03
SHA512 4613beaf99fa61bec298d78d331a9370b04bba3496c6b078035ccb39011e201d5da8f96918cdf811ed4eb00ed9be29bc7f0fdaf92a9446eab1794d4ee7006dc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 57f8b1ac98b7f5bd734bc61b63cecd27
SHA1 c1784c175a7180832d3a09ab347ed4a00dab82d7
SHA256 e5884ca7e48be782da680a1752f87dc16074906cba87c90f6f378c9dd71fb869
SHA512 90c223ddfbbe5efd60896e1f8d8e54f3c187a4d20655d134d7bafe8343ae86c62167b26c37b93343faac3c1a311557900ee54ccd46880b1df2ec734003070b13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 84b28e8ffed9fa0b8f6a91b5b31b308d
SHA1 efaf4dff37c34966c481eef0caf7dacee9e2a78c
SHA256 cf81f066b1ba1e869f5551bbc61c497d91035e2afcb750c3e63d5c7644b0b29c
SHA512 a838f81d13c5ecf02aedcdc60159f4b3f6e22e1f14c566ee3b2765e5645fe0eebabe24124ac018ea64986261c904e5bb50512708babe39bde76d7a5ab9280ea9