Malware Analysis Report

2025-04-14 00:58

Sample ID 240530-q9s5faca62
Target 84630143050f2c4c1a22e33738e28136_JaffaCakes118
SHA256 7cc660822d2cc777ba745819cabb3a52fcd16b5b5d82ff8a6130d884b5b1cd75
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file 84630143050f2c4c1a22e33738e28136_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Analysis: static1

Detonation Overview

Reported

2024-05-30 13:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 13:58

Reported

2024-05-30 14:00

Platform

win7-20231129-en

Max time kernel

137s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\84630143050f2c4c1a22e33738e28136_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value removed] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423239352" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A2987D61-1E8C-11EF-87B3-6E1D43634CD3} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8004f1b699b2da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000133515c41ad0324798c6ec87c9f7898100000000020000000000106600000001000020000000aae733846053927ba0e8c7497d411ae992cbbe37ca20d63a43ad36c89e06db1a000000000e8000000002000020000000e2fcbc880a27d740a4e9954c850993b2edd8a2a736eeb91df2ac45786379f0fc2000000087c5ccd8f0677422f1ce685dfa457f3ea03bdcb7fa90b82ee1e532391970766f40000000655277b130bdfa0547bc88beef2b1f02351f020c0c9ee1d74767d618b1c4a69886689264fd9d1d8d653c264ffbac0fa25febaf52df18dfe29026f5b041334011 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\84630143050f2c4c1a22e33738e28136_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.genome-engineering.org udp
US 8.8.8.8:53 taleffectors.genome-engineering.org udp
US 166.78.7.234:80 taleffectors.genome-engineering.org tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.99:80 www.bing.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar19DC.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 13:58

Reported

2024-05-30 14:00

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

129s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\84630143050f2c4c1a22e33738e28136_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1624 wrote to memory of 4836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 1760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 1760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\84630143050f2c4c1a22e33738e28136_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc310b46f8,0x7ffc310b4708,0x7ffc310b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,7248073162841640738,12592118339879555752,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,7248073162841640738,12592118339879555752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,7248073162841640738,12592118339879555752,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7248073162841640738,12592118339879555752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7248073162841640738,12592118339879555752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,7248073162841640738,12592118339879555752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,7248073162841640738,12592118339879555752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7248073162841640738,12592118339879555752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7248073162841640738,12592118339879555752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7248073162841640738,12592118339879555752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7248073162841640738,12592118339879555752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,7248073162841640738,12592118339879555752,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.genome-engineering.org udp
US 166.78.7.234:80 www.genome-engineering.org tcp
US 166.78.7.234:80 www.genome-engineering.org tcp
US 166.78.7.234:80 www.genome-engineering.org tcp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 166.78.7.234:80 www.genome-engineering.org tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 166.78.7.234:80 www.genome-engineering.org tcp
US 166.78.7.234:80 www.genome-engineering.org tcp
US 166.78.7.234:80 www.genome-engineering.org tcp
US 166.78.7.234:80 www.genome-engineering.org tcp
US 166.78.7.234:80 www.genome-engineering.org tcp
GB 216.58.213.14:445 www.google-analytics.com tcp
US 8.8.8.8:53 taleffectors.genome-engineering.org udp
US 166.78.7.234:80 taleffectors.genome-engineering.org tcp
US 166.78.7.234:80 taleffectors.genome-engineering.org tcp
US 166.78.7.234:80 taleffectors.genome-engineering.org tcp
GB 216.58.213.14:139 www.google-analytics.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 166.78.7.234:80 taleffectors.genome-engineering.org tcp
US 166.78.7.234:80 taleffectors.genome-engineering.org tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dc6fc5e708279a3310fe55d9c44743d
SHA1 a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256 a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

\??\pipe\LOCAL\crashpad_1624_JOFAAARVIEAHZEBX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9c4c494f8fba32d95ba2125f00586a3
SHA1 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256 a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9b2e79b16f8bfd750ea5cd8182ccbc79
SHA1 62a2feb66718464d987731d059e569ce41091a50
SHA256 84379e562a9e3a2c8e711310afe4d42d6ed4ea1de60de428c8e619210333b4e6
SHA512 ed70f1d192ff2624d01fa01fe11682c3dbe91f76dd497eb325018cf4324862ee1b6c1600388ce5804f90fa0dd31bb248352dfe9652c431eb467e025d94c3ebd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 85b56e1795112766775c50fea07f799d
SHA1 ee517e3d594b149844936d35e2b9342015bf2d97
SHA256 557b2bfda75847a4dc8b147152f493d73042df8658476c5b18ee4d71e03dcf7a
SHA512 62888dca24f0473eb6a92a9529f7696405e29d89ad79b01ebf815ccd9ba9abaa3a8555ffaaf8649461a2442930d3f8dfb6b3743ea4d39e8b639472f92fbca78e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 abc95eb58380f8dad2a31c36d87e4050
SHA1 68e5752cdcc4d5ac6a986fc18666c923bf3bf37d
SHA256 29d829bf3043e33ddf53d0a2d13764e991de2adfb1a416941809711e65725fc1
SHA512 e7c160b59eb97f728ea50d1ca5c230a9c1087263d5c7a07c7d3de45b9908b1fdb4d8c2f49ba3a06f4c38057d0bce008f25e48c478876ca51ec4b9a83812c5730

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cf9ddc3689ff6023ed635e0073437161
SHA1 ada259f8c5ed9ebec11c5e28beaf0fa01f0a0d9a
SHA256 28ea070ad09dc4877c1f548cfbfc41c53fe2dd133fa09bbe009bc39caffe2c3f
SHA512 1bef466ae21874e075167e958687aff48952ed184f96df36113e2bb79a6dda447251c91c15926231785ed9353a3e4374a01437f0e63eb78b8fd527c9d317aead

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23