Malware Analysis Report

2025-08-05 15:52

Sample ID 240529-ka38gage3x
Target 8017fd82b03e0ee912c8722f8649b29f_JaffaCakes118
SHA256 4078a5f0a34f5d9b7839ff5aa1f6785e90966c5f526395b7b1366747cc3b73dd
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

4078a5f0a34f5d9b7839ff5aa1f6785e90966c5f526395b7b1366747cc3b73dd

Threat Level: No (potentially) malicious behavior was detected

The file 8017fd82b03e0ee912c8722f8649b29f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-29 08:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 08:24

Reported

2024-05-29 08:27

Platform

win7-20240419-en

Max time kernel

147s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8017fd82b03e0ee912c8722f8649b29f_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E7D19C71-1D94-11EF-AB95-422D877631E1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423132953" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8017fd82b03e0ee912c8722f8649b29f_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 anabeautyacademy.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
FR 216.58.214.170:443 ajax.googleapis.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
FR 216.58.214.170:443 ajax.googleapis.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
VN 118.69.80.52:443 anabeautyacademy.com tcp
VN 118.69.80.52:443 anabeautyacademy.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.170:80 apps.identrust.com tcp
NL 23.63.101.170:80 apps.identrust.com tcp
VN 118.69.80.52:443 anabeautyacademy.com tcp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
VN 118.69.80.52:443 anabeautyacademy.com tcp
VN 118.69.80.52:443 anabeautyacademy.com tcp
VN 118.69.80.52:443 anabeautyacademy.com tcp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp

Files

C:\Users\Admin\AppData\Local\Temp\Cab8C9.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 ebda14adbeb059066b8d90258a57af52
SHA1 d6f15cf100e1475316756bdbd45f7d263a5c44ec
SHA256 35c413b88052c4c4c573d2a73f897e96c53d1f5516131924b854c6fcdffdfb3c
SHA512 9fb59c377ce33466088fb831f6295e1e4fba192b673288fec3ba9c735e96ee10e257764c43f46dba1da4762da90b76c88f8cf957ddcfcfa028e3199b7add1ed4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b9a6ce2d8d958f97f33e4c90383555b0
SHA1 1dfc439a009c45eb482547d65aeee88675679279
SHA256 35c92a56b5f0f8520f27ee9b8d093c80deeb4f7599dbedfa8619559986db3c03
SHA512 0395ce6722e8663e946c8ab45bf6b28dde3d77c42ce893dd5d9174bb1c2c287b5ec4cb165ab2c606c13b39a72af14ea2d1b63bd3f21b766f8969b6d18db920f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar97C.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c292448f68064b5a212a2b1be2e5d2c3
SHA1 92884244f1af2648097bec8fadefab4da22baef6
SHA256 3f49d42c65f91c99bbcbd7f5315433e6358a51ed388c6d8830217c349dfc5b2b
SHA512 cd951b9671fca21300b67b42951e2aa26c32bc648f6c7bd06551307e725cbc652e40eb6e46d7a62889b2f1cdf5dc167dc3c9ae3a9c930d09d223a5d9ccd45db1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7525378f0307e7feb1d83a549e00912c
SHA1 d98629c754886775cb67cc868a8d34c72c3cb45b
SHA256 b771f16460d8a7722766075ca5094bee875c81ad54b4693560f2041f21969e97
SHA512 f3c3c631b0594a216f29b9d7be03fa8f509f5d4305bfdb2be8ffe11cbeaa55375791d186c7d2e9f6c11c0014bc346056b27573d6b711c064ec30bce488718244

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83b16554be3b8fb2ed289e809f3b71f8
SHA1 2cb6349302f8e6b7b5c3e74e17d5e62c3d8fdc49
SHA256 d98d555e5eee3c8b564656fefd0d6da574b964f12cd658449f8dc0a5ec37abb9
SHA512 65fc1acc4d83ad580c329ca19a4fb4c85c686c117e60dd20b55ce8651904496a47fbdc5f12b4765ce2a7b106e835478c46090b72f46756c8493a3a81c83f50d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5E837F14F794F662B73472787AF632F0

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb0874bb85f61186d83d77788eb09f05
SHA1 9893a2c10e47fabbe9ed46884a5aa1d69389adce
SHA256 16b2b6d3558f13832f8a6a5a323b5615c8e365765428864cfc3a6a7c887b2fd8
SHA512 4c271156e1e218d4b6e5bce854bf87b768a1e6b64dee691ff451fa06a2fab4be41bd82d1578e4c4990c08ed46ef34d4006d1f1a8c331a1487b677da597f83658

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b115dda6e6e9ba8db40336bdcdb8ae4a
SHA1 e2a3b38a6ecbb6a561de29e5a9713d261b96b8a0
SHA256 4f34cb4aee04f24227dca2ae639f53e31f7b22d0d31873999cae5781172f8510
SHA512 7f5a550761378e58a558badc33af625aedd50f6d068c7da7ea6f30273c22f4b26ed1aeb571d43fa40d0bc1fad9ae3dbd58c8c26cce0e39ce44a926df3560f626

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5E837F14F794F662B73472787AF632F0

MD5 66e9eeb9701af6ba2e8ec0191d432638
SHA1 1227e7d1a1d9a2cc5a47c1534d6496d2fe1735c5
SHA256 a7f0a5b2d0c4fc2e49baa13b6eec1ce020b18f33b50f70b9f1d922a9280f0ee8
SHA512 c9648a07ef720ebe31ee4bdb75a0923a77051b65e5bc6cbc4359d174299bcc8c89ba93c66eed64843f4d4496c74ee980f8d3ed57d5e8825d2c408273e2c4b872

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 138fdfab134519eb2257114657c6396f
SHA1 33577510974b156503809d0a8e8c650265276966
SHA256 b316090a433e9bc0b2d40f7310cfcfabec85f251ff21c1733e3a02f54fe877ec
SHA512 af0b283e8e28080f1b3094383083517243a1b5c6e9471390bdb3aadc7a235600db660a3672a14f3c3408cdc61eae4129f30b0573d7b9f74b66ff36ef87504750

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5f07de69d53307b29286c9c63557d7d
SHA1 c78639e55548469878b9f16ec3eea320dbb8c50c
SHA256 62b78c49e4a2af33576d9c69f774b8f93c58cbc38605eeca185c67abe03c6603
SHA512 26f2df9cbad40ec71f7f9e52600484cc752428bb973fee568b9f2f74d86466ccfc3d20397e9e1fb6f4e9a20a5bf6be7d19554153f0141af0297d684753fea69d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0529fae39e80d4b4445eac86fa2ea611
SHA1 094c386c046dd2f876b37e1fe8790d03be65ffdf
SHA256 76924e4e18c061fe96c31ca07c2eed3ff23bd1f98f908483e9cd135fb27f9826
SHA512 76eecca67b27888a89f8065b4ad5e503db04030bc966918729006fe989ac1f5316f513c73eb39f9952c9891a28e90d16964f8997a95d419df1d38a3c7f219919

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 7fb6f7fc71ae11495b61974e9ea22741
SHA1 b0baf9b3f4a6383dc86e0540419f125b426d1d25
SHA256 119f09a875f3ad5e50b77615e2962570c9e1eb5250b2cc28d0dc52fc089a4e4f
SHA512 b25dc7f14433aaebbf18fca850ad4139b64dcdd94ac3a6212b27950a08805f3525959c3e864a6d7bf65039f184cb87c48650b241bfd7aa22b0b498f17b6edc7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e788d90ff1284de5362affc31d374b4a
SHA1 a22f9ee819fc6f522b8de864a16b3c0427f09aa1
SHA256 603a3b2cefe45d1f7839353b12b9f36f41639461d80fdcacd38bfff67495d6fe
SHA512 40fd92df1db29dd49a2eb3f64ecf42cc8d1ee409581fbd7e9d2e90060d90653fa9417c824006efe0bbc3791c00f11a16bbfe6cfd2866a036255de5cab45e8710

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd547187751d21292089df92850e2652
SHA1 3b5a4bee5ccfcf965d141cffea950df2dd509e46
SHA256 4dd3896c64df46f9b831245796f0e83d2ec064f9c3f49de9ab4b674acac0f4ef
SHA512 483bc8e0198f43c2b75825471d0920fd7cefd3c88f24690d2f99e273aedf5cc63d8b24b88563491d256111f166651c29a73c43f23fd6ff86bc5d9547698d382a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 093964a37740ad73e47b53bcad1b83b4
SHA1 fe5ca0fff2b3f36220d5cf839444b81f76705a4b
SHA256 17dea688a0432f8c6c3beda455283a2991db9653ffd1935ecc7bc8fa650bf3b3
SHA512 a11973df018fcb69acfad3731bb9ca2ae18b99da60960cc341330a74c95bebbfcb41ff29331700da8525b011fef6f09acf47d4a7bb60e34e8f1a7c9498c80726

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e65a7a07e78c4bd5e6c9293f8671b197
SHA1 3fce56ddfe2ad248a32de1983d4cf229911c0737
SHA256 1208abf384b06fbe2d4cc36acf052310134408d01a31a3dca0e068a31b643de3
SHA512 b0c586fb0347e331cc6b801119cfc2f6ab2c231787aeba2f010545979f836302077e74309671b2dccc39cc7478b67398902e156dc94a2dc36c8bfade11efed56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb358fec404422dd719962e7a79d8b5f
SHA1 87ebcc801a08879b37e043b370b48b3fd5689eba
SHA256 49d9a9b0a50ef6bdd3d327edaa00f210c24fbd12ac711387b5c8aa845fb49b68
SHA512 39f6a4caf23562dbcf3e22694de79ce2b11d7efe9f322bc03de56454389d564a9c7c8cac916671e977edd3e08932abcd7472b8eb465416d153c91f25fd82aad9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 33e60c8745d9019f6b403b3d11bb763f
SHA1 780363ccee7ba4ceff622a4a55d8b6a6297ce9b6
SHA256 1f4954a5a4df3c5df454a1714d4d003cb47810abbc35162a71c6ba37530af103
SHA512 6cfd8349683bb9c3292c8ec0753f665c7f9f528bf3e106f5231aa7d01bb555f9ae3ac25f5bda0956a38274bfa10d20890aa902df79dab708a02cce0599a7ef9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e9e877f4315d319676f21d40a1bfad4
SHA1 575559e5d7b6bee7f57f2332aa10a96614dad576
SHA256 de7e2a819e237b65c6a89b5a10e46e7d8a09c5370ab0d963533e91a000b142fa
SHA512 0d787ebad2a7120e37f1364331e7e0b600e4c568ee6ab94b3aa4bf6f543f0e834b5bb41b47d8ed70cd44edda616c5253a1fca8982ae883cc1c9cffda042e9aa1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c1553e8eb76e06f58a7e041daf71ef0
SHA1 722779003e227bff83553d2b75c5b093e09ad8e2
SHA256 aa05cc031f990d9556c10c3c185c108d19b41570e4b6fba5ca3ad9d843877cc0
SHA512 4038aba0ee4c1be8eca415d3974a84a98bc0f0f3887b02de42e27d449659580261c5d918e3372a39e1ce11975373e25055b9179da3afd1a50ce940b7229ae297

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\font-awesome.min[1].css

MD5 269550530cc127b6aa5a35925a7de6ce
SHA1 512c7d79033e3028a9be61b540cf1a6870c896f8
SHA256 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
SHA512 49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\jquery.min[1].js

MD5 a09e13ee94d51c524b7e2a728c7d4039
SHA1 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
SHA256 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
SHA512 f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 242dbfece81cf8fdf30b8f31947d1827
SHA1 ead17affb1f40c63ec98cda1ecea3697e145b457
SHA256 4406c305af99d8d90cb731cf6dfd633db837944ef2d603c949e443fedb9b919c
SHA512 ad30631acf494104db72a30f44cd105f848dbf8fd2ba9dfa4e44145c4be63e7a96a4e86a2f953adbdcffe406916ec3414a2226e20b1c184aba89017b925b5f57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3de3da1120c16a0db063a262d0f53c57
SHA1 a896b7dee2cfcf19449fa1f4fc37abf92283c7db
SHA256 034eddb596b867da4e33699bd3441f8039cd11bb129b63d32855ad65872bcd10
SHA512 40ad6a59c7bd19150adee7da1cc79528b5c15d15aabfa5eba5e4ef21c05062602c8a14bee360861b8456227fd1ee7b0ea88548b490d09ce75596436a73f3587f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55d1284c240e89140dc1826aac63a80d
SHA1 c962ad81dfb6bd4e4aaade050663a45eafffabd8
SHA256 7e87dd2767f8fc06a2fcf10b3f1a0087fd672aa3e3410e788611ca63e4efa3a4
SHA512 3738ee00afc10bb0abfcba2bb341662349dc55c42c94a980b7522e6735d7cad1012751c537b9df3e78160b6adf506dd9ff18c02e68251437e8b383a70f95141f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5E837F14F794F662B73472787AF632F0

MD5 5bf6408d8892fb68b0afb25622d0bf14
SHA1 bf0b644f7dcb620d000d7c606ad44d664de9905e
SHA256 1546dcb7747c75c4dd225782ce5a7190e0af6fef83dc654eb6bf0444cfdf768b
SHA512 5d92280f12b86d6efc3c0af4964bbf6fed1facd573deda84658f24718fc5a155ca34cfe0004e2bdabd335309ff82123a84683024ccfff0fbbeaf60caac4aafe6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a539044658d61c8e47e8332771e5113
SHA1 85b184a3088fbfc849478bdaa84ca1129ba90ec4
SHA256 d51b9b5a93245ec4e7ac4437f3e002127d7cffb25709598b1c8a9fc2ec22612d
SHA512 615d229225399da2e994f449cc93fc6678b7ba80c037d44e768fe010973d1ff664d0db3ffc29387c228af7b63cefbe13cb753d164c289623092be0167bc95f49

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 08:24

Reported

2024-05-29 08:27

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8017fd82b03e0ee912c8722f8649b29f_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5004 wrote to memory of 4912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 4912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 2084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 2084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8017fd82b03e0ee912c8722f8649b29f_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd329346f8,0x7ffd32934708,0x7ffd32934718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18320499321416145840,9558366138514372348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,18320499321416145840,9558366138514372348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,18320499321416145840,9558366138514372348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18320499321416145840,9558366138514372348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18320499321416145840,9558366138514372348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18320499321416145840,9558366138514372348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
FR 216.58.215.42:443 ajax.googleapis.com tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 42.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 thammyvienanthea.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 thammyvienanthea.com udp
US 8.8.8.8:53 174.117.168.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8b167567021ccb1a9fdf073fa9112ef0
SHA1 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA256 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

\??\pipe\LOCAL\crashpad_5004_CQAZLUHLWTJGLPER

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 537815e7cc5c694912ac0308147852e4
SHA1 2ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256 b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA512 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 71838728cb5c1bfd6ecb93cc344a62c0
SHA1 4c422968172b37b74ef5334371c953395266ffea
SHA256 ff570d7a73057dbe3d1eb592027ee14a514a2777c13fe1204c61058da2be0ac5
SHA512 357c33a58e24f6448fe1598f196c82de3f971304386cbbcaedceeb7a5a2a4a37736d5ca92e01a70347e4f8763b90410d61d3408112c98c1ac3780ea35839dad7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 0f83cadc148d2ad7e53c91f6c4ee05bb
SHA1 90035c5fffedf4b0f099465f6b929a030b46c92b
SHA256 3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
SHA512 c911420875dcadb64611550e83f9a525309eba69353dac17d3d40a8350a417f337718a24926df62f9f69136c94962110c897630e9ab7c0c9eb480b0775613c7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b103dd873da7e3c9d2ea0e635df4828b
SHA1 fb4657185d0eb18055b973a57c4c451be2c4527e
SHA256 4b146faf4296a0586bcb8a34562ba214875a3fc7eb1179f55cad9d696156ea27
SHA512 86df0066ee43f111c7ebdb4bbc1cf273f121f7e6e7920beb4075c48238418bb4b325be26af23bfc235692d5fb3121242deb4cc6c23f74eb616258a0283291918

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5f6498f3b54deb1d880de34b9e92c262
SHA1 c085bdc3546accc54a3fd9420c95f5990d023805
SHA256 9f37cd8dd4a6998ad322e9174ed536fe5c78f971809f4346c07b1f6addce80e5
SHA512 3fa2eea15eda8d7894ced5e0ec2c83fc23ac25f741a70814aa729016a2baffd60def2914646d2d018efcea1c22b212ab9ba50b0fa11b8642bc10c1a404a0dd9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d7439e5b3309294010ff4409baf18bb2
SHA1 1603059f8f124194f5ab1e20d8f618035264b6d1
SHA256 964765bd14e5664525ddee95573305969609e21c56a0b5e5d5ad9261f409d5d0
SHA512 0df84b4d40cbf1ce0534d5ae8be8be777740d0e44c9dfc94c61084edc64f4a87c7e5904e952a32c6a7bec597efe209ee160536f1ce278b82135268ad6751bcf4