Malware Analysis Report

2025-06-16 07:19

Sample ID 240602-b1p9vsed9y
Target 8c7b5b9c5e0ff8fc3e13629c8f35096a_JaffaCakes118
SHA256 2d088aa05b54bec0564ee4d989aeb5b4f171017f554b14d3dd5db7bb752a1cf5
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

2d088aa05b54bec0564ee4d989aeb5b4f171017f554b14d3dd5db7bb752a1cf5

Threat Level: Shows suspicious behavior

The file 8c7b5b9c5e0ff8fc3e13629c8f35096a_JaffaCakes118 was classified as: Shows suspicious behavior.

Malicious Activity Summary

Looks up external IP address via web service

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 01:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 01:36

Reported

2024-06-02 01:39

Platform

win7-20240221-en

Max time kernel

146s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c7b5b9c5e0ff8fc3e13629c8f35096a_JaffaCakes118.html

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423454086" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7f6968ce4a5cf499e38c4767b340aab00000000020000000000106600000001000020000000cf64eb93509533d470a755e30793e345e93cd03a0f59c3ce3ef969626241d4b2000000000e8000000002000020000000c4b7769c5159b49473ec9b6dfee5d554eed779fe6331dc7b1f21e44ecb11771d9000000080c0d571664cee4112420a8361854f96e594a0cbba0cae96f4d48f23eb8738778955eb4318dc10e00478e3c775974580863c1579a5e55465ecd8e8a273206603415b9cc4ed74794db730ebccc625ff0467187afc02c1dca4eeba2fdffba175d89f852061afba85fdba95bd84cd7152aeb41b1e6f4b6aa7e6ea6c4770e66efde3134dccfd0b133383774486a1b6325409400000001ff15b7d8339a205a6b35bd52d5a3f345946ab960aaec59628c44872d3e42086778ddac4f5cf8580db7d942a67c52512cee4ffda8224369500300a9f240608e3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5034be718db4da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{99B5BD71-2080-11EF-BCB4-4AADDC6219DF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7f6968ce4a5cf499e38c4767b340aab00000000020000000000106600000001000020000000d20d10a32b12119ecb639f7dd931c4a0c3c567175412c316a8933319ff9f4b43000000000e8000000002000020000000fd1c9a889d6611f79c19345f730070b7a0f2cd70e2aa87053b181f065544f7be200000008a1e5ecfed4e4b73aca3192e1d0106e98a41a8e587e8329bfafdb8c01507b80740000000c74f75bfd6fb95f7dcc255d2e4ba3072c986b3623405ec7c22ffc21e5a44d84e444542ad62eac22c463ef696604bc46f05eecba4c085e8853916005c69bd72d9 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c7b5b9c5e0ff8fc3e13629c8f35096a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1340 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ipinfo.io udp
US 8.8.8.8:53 usocial.pro udp
RU 185.129.100.122:443 usocial.pro tcp
US 34.117.186.192:80 ipinfo.io tcp
RU 185.129.100.122:443 usocial.pro tcp
US 34.117.186.192:80 ipinfo.io tcp
US 8.8.8.8:53 moonwalk.cc udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab9530.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar96AD.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9467715649b54faef8098969b181fff
SHA1 a187b7b291103d1290491249b8184b6216635fe1
SHA256 a1e5b9b6ef5d17299d3e035dae30ed48d4119357b006a6de975d7abc353bf401
SHA512 c5eda6ffcdeb5009c98235eea9168aad72287cfea570f05a42528a6af8f67eb51903adaee6e989b9009eb14b535fd2ac8019a93fdd4387c4b9be916b7d6cf1c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01279a5ff763704e73825fef4527eb1a
SHA1 671979b28003a4f9f9fcbe537c634a947c92d282
SHA256 8092876fe688ab2cde21a684677a13c8cdfb4294fdb35a144c389cfe64564fe2
SHA512 388a4f3165a86d4eec2d2175667fbb585c13e958434c2032c2bb07c1169abe73870420df548d9695ef52a7d29a33528042e550b1c1b1ab6758ac554c0faf9ae4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2cee59fb7ed18a63a5c6ddf066857b41
SHA1 9b83b431a09aaec3bbac56f683c418a06f33ca42
SHA256 60ae3f50bc9b53e2ec49fb6deab8ff219815f4f5fc69c139f30823abaed5719d
SHA512 1fac757bad0e3ae492a937f0ee74a8fc5816b6ad3f70ae362b441599f20d0f49e12738ec8f919f2e1b6e9bd92fdde06b7e52b50f349cb0de85f4cbce1b75cc0d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94f076de0b4b5b9b8dbb2959a4b7eb1b
SHA1 234ac17b325082711dbfbafe53e908e0933a52bd
SHA256 6acf886f26cd135b1d0d0b24afa85e152d432b4c50e2c548682e278248fa3dd9
SHA512 dd72dae0058db48febf8e98988055393ce893877f968fa00aa2e26270dfed2d964cac5dff2b996093270fb3ff2dfd3d56fa948a8276edc2263d579f1211f5362

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31a1fe83177fde3e5d7464592863dd36
SHA1 6da8d76d887622a54057f961222e7b1f5cb7ceb5
SHA256 94bfe24d064a1006c151ce6b0beb3c9ca6b6e5b63a38009f7a4ffd3aadfd6d12
SHA512 f730b57172dd3e3b50000afc404d13ef7e8f97cda7d8879e54e2e0692fd7fa41cb1e0a979efb34f7ba025fefe6a8a81e031bfb62e767b3ff8eb9a82496c06fea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69a30be2bf399d346356acbd5a68a7b4
SHA1 60e39293a48eeedb38ab139e788bdb0084724492
SHA256 4b431381c879f89b490cf328e314da99ac72879e05b1c2bfa8342b3398392e32
SHA512 d2e08ec6808aef075d50d194295b6e6e9f18ebb7579c11badd27c5797093fa6cf76ddc89de1d342137229d3b0d19fc25eab48b6d6972882fe49032548f69dd29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23e9f5f5bdc4403e4f46edc3f92e87ad
SHA1 f841345e6c6ebf5d3f2e054d1a40a62332342f49
SHA256 422bb2a5e81e31296358bf20da24f8de4521672385dae286f0ffec05e464e675
SHA512 732cf34f14e8c9da381d2f179a7a07067d2593ce2173325ed3c6ba9770367f95b6ccdd648b43c1b7f8b4167182217114ff4cf50dd001ab924580a0c834f8b713

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6171c1aaa7e58b7d62774738895cde24
SHA1 6ca1323198ea74a003bc3a33a2a214e6a0cb5a5d
SHA256 f0f52ab3aa2df5f3fd2e818c6c4ae32a3c14daaa411e819050d4fe5ef79d0ea5
SHA512 19eec459fdc77c7cc949d9dade3179a14de917d835d382dba296ea31dcad2748dfc26af5cf874c8aaca646f1ad4901ea6ed28a99ed321c724a11b0bfd6f7f213

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1a371b72fce2244544983a9ecfe0783
SHA1 47693f8125daf7dbda1992d6c5bf91492bbb9b1c
SHA256 f8b1c4e42c444378654682765a213d3a7aca2a45c09fe0da990e60eedd2a00b3
SHA512 f70054b074731cea4db284ffe65da234be92c69167f2443fe9d3065a10f9e561fefba67899321461298d0ec8bb215155b48d8a64545752a0a9c29d1a7b0edf33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ed0ea1b905ebd20748b8534451ca6ac
SHA1 4a98ddf48a0c76f359947e4cf8473fd6acd39d9e
SHA256 a4e9175ffe8299337c248fd131adc297a364c6883b5b91ca26268a8f0c41d6c9
SHA512 298c7c5d5e5d6553342eb4c08ffd626bc3fcc2a9943d433eb7a1e69940daca49050c659a748d21812cb7e4124548c9ae8c120d71dfb03bf1822d396392fda390

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86e5d1bc985d0a5154916e1faa67aaba
SHA1 bf6cf5faf1e933375368910be2296fba13013f09
SHA256 558bc943535607176aa260efb63d71836e216ecaff11a1b0f74856cd13c0835b
SHA512 48834e7b5ed0de5026a739f217bb1029bf94e73da587d5e179bd83a0cc37014e0615c10f94a82eb316cdc0254e2a8ae05eeb5fa18561772bd784452e15d13a3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70107fa29d7a4fcd3081cbeccfdc7018
SHA1 2c8e9532134ec8d16c2e394b4210629b749f9750
SHA256 6d660dfbe869a0e41b1d66eb98da5e144eb7c188f0f8982be9f4c3a1e68e3646
SHA512 c54685accc9178c9c7453dc87b8f0e0ec1ff9a4420ab77b773c14fbf72097a1c81443413c9e017900d8a5e98194d4123c3a20174a32564f2dea5705c860bac63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35eeb480c7696f3ce052791b26bcb5f1
SHA1 eb75fbe8db0b53a6a29a09aa74f64a344e7e741b
SHA256 1d9740c4b4b9429292a5578e75602fbe612c108d4d77bf38022920ffa4b7a0a3
SHA512 b652af5c00275a70ef19f92ff31e86d90abbea0248f81c646b238632cf1e53e422ae8069a17f9f1c82a6661088370f0b4f9dd9a3e8fdeeee838ca94e620642b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 ae52fdd9eb4fe983a3822b1fb3a83f63
SHA1 1e74cdb6d7b2fee9cfedd95c6cb311aaaee3367f
SHA256 35f1d1605c0b649d9976bec0423acb6afe65f39c139dbcba7c2ab5186700cf8e
SHA512 958d30940cf0aaea336947b467e59935c0c24a7402a81b85707e56f6d43af6b28eae5459e39a9e1214ae63e57e0412204cdbf7b1bcd9bec2cc4face5eeb7310d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7511421356ca07c8b800e6b9e662720b
SHA1 d152032b637fa3b23bf0a93d79fe72f50f48127c
SHA256 b80c3da5ff4f288bc7d4dea8a8e4ea15de6b75cb7b93b549a86e0c26f3fbb51c
SHA512 530f64b7ed8ad741962caba2150d5944a26996c08905e3b8198f7734a794f30d5682c8a1140c6ef3762c455f344f3f0022511a37ad3192374f5f7d058342bbe5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed6c7fe5dae4c3422ba6404771c95392
SHA1 60ccd90bd3e7ac40522368c4b826964176d87daf
SHA256 8d8434fa3c66d7f1d771dccff013cd525156356a1a87d36722703ff1d8915c7b
SHA512 a031cdf0eaa92e1904a4e111838894eddb2020c3357e23da0670279c5be32a8814fe827522117919c507f0f87413938bff936f2a1679411fc4800c99da77f033

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b86ebad6d12329ea47d64c3b5bb894b2
SHA1 fe0b6db5767ff638a47d4d6fb2edf72b846ca385
SHA256 241cc553e0c8867aba33a7378a66a93e51451c1904b44aa3d706cd5954279ae0
SHA512 50174013f928e81b226cf89741e4ae8dcaebe150af9bbe5a26900e2eb27c540261a8c2bdcaddc6357a04da31f14a889ad34b0e6a1108fcf5fbace96c82126a75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e5e0d30134e4993f92b1144a67323fb
SHA1 bd9bf813102988beb129e085c1429117ba48bd12
SHA256 6fb1cc90bd4284dff40b1797c3e9f3469fe2d808aed590e3867708b69e4d1506
SHA512 627b2af41f20d39bfed128bf90b08d8da8f70bc5c5b6636ce721d64d31cccc558ac17e77c8d48323b24a559529c9f9abb1841c772704db7bf92f77dc5784cfa4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6fe6a3038275f34e30e2a5e59d487b98
SHA1 82c12935e76091970fe1d719e485900610a23a2d
SHA256 c2dce655a8920e107594feb807a900262620d26eeb4a38b1b88816d35d5862f6
SHA512 2bfd177bee0747d358f0750150fd79802f54f7cb54c2ce7b784193dd3b6198627fb50d49e6dfdf13d01e25ae45ee253b1c65a0563fb5df4c9cb03dd26b02a2be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 04334013c0ca088e1121aa8e0ccfe57c
SHA1 005fba120137361e9c45ea1a4a630b13bff5610f
SHA256 88ff1de72a0cc549c4dd2142f5038c4d6f88030416396c8f76db2040e2e5e222
SHA512 0fb201ac68f8585e9c908a9260b3953bbbf34cb77323f5fc4a56cb9fd6faa7401dc218607c81c2179ba35fc1c4dfb4983b1dc050cf0567e27cfea7f5764ee357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b74b8ef31e91bc256434deca6d009863
SHA1 75a2b1c9e01c0f53ee814a32ae165f8146af8556
SHA256 89a71f8cfdf77c97d2809adf78d35b0811b104f76450e614c70212b2576ce004
SHA512 687b79e7e863b0013ee2658538a28a5e05ced451cf8b7ff0dd13626b6ff0acdb90a9be9e4b0673475bb3f522a726cb2ebbcd3032f7bee0ad563e7dacd9f73d77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76eb232322d5df0eb2a0ae7df5db7f4b
SHA1 09e9ae58d5c2795bff7854fbf3b9271ee45a2356
SHA256 dc59b345c23e9a509c4998cf4ab9cc6e94fc4c9e2e759a15314ddce1e35f3924
SHA512 665c93828bde6c4415c73c4f006e85e351daf0d92b9d2fa9d88f07b7f247399c186aadf9268adb30986f71b4c78650464592768bd571ab19846e593d15dea934

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc355a8845840974112a662cf5e34c60
SHA1 b57a79395cbdf577bfaa513d59be92199bd5f602
SHA256 ff37ccbdc1f5d7cb3af8b2745c871cda3cd2b306337eb07d03d465624b6d3d7b
SHA512 33688c276375897a2e8950d763f16b54fe1b56ae106ecc5593bcd40b31ea64e06ba479d732500434ef73a3806f9eddb5cff4518ecd24e6663461fbbbc565bb6a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 574216d212ebc392d18b4ba0234dca9a
SHA1 21d68889081ea39cfc1ccba9537ddafa73d3c92b
SHA256 4cc7f72358dea2a1f0ade8840cb087d4e9bb522633767ac02767f7e5e8c21a22
SHA512 1a0446f4f2e5d59ca373d87c1d1464dc53435b87163174f59c9f4f31e9651fea6136de922d1dd9494755c5e32ee29e162c6b544210ff26ed0809dec6151ed862

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 01:36

Reported

2024-06-02 01:39

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c7b5b9c5e0ff8fc3e13629c8f35096a_JaffaCakes118.html

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3256 wrote to memory of 2980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 2980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c7b5b9c5e0ff8fc3e13629c8f35096a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aba546f8,0x7ff9aba54708,0x7ff9aba54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 usocial.pro udp
US 8.8.8.8:53 s81.ucoz.net udp
US 8.8.8.8:53 ipinfo.io udp
RU 185.129.100.122:443 usocial.pro tcp
US 34.117.186.192:80 ipinfo.io tcp
RU 193.109.246.81:445 s81.ucoz.net tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.8.8:53 122.100.129.185.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 s81.ucoz.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.198:445 counter.yadro.ru tcp
US 8.8.8.8:53 moonwalk.cc udp
RU 185.129.100.122:443 usocial.pro tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 connect.ok.ru udp
US 8.8.8.8:53 connect.mail.ru udp
RU 217.20.152.207:443 connect.ok.ru tcp
RU 94.100.180.55:443 connect.mail.ru tcp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 207.152.20.217.in-addr.arpa udp
US 8.8.8.8:53 55.180.100.94.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
RU 88.212.201.204:445 counter.yadro.ru tcp
RU 88.212.202.52:445 counter.yadro.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 93.158.134.119:443 mc.yandex.ru tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 mc.webvisor.org udp
US 8.8.8.8:53 119.134.158.93.in-addr.arpa udp
RU 93.158.134.119:443 mc.webvisor.org tcp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 vidplah.com udp
US 103.224.212.214:445 vidplah.com tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 vidplah.com udp
US 8.8.8.8:53 jsc.marketgid.com udp
US 172.67.141.144:445 jsc.marketgid.com tcp
US 104.21.46.191:445 jsc.marketgid.com tcp
US 8.8.8.8:53 jsc.marketgid.com udp
US 104.21.46.191:139 jsc.marketgid.com tcp
RU 88.212.201.198:445 counter.yadro.ru tcp
RU 88.212.201.204:445 counter.yadro.ru tcp
RU 88.212.202.52:445 counter.yadro.ru tcp
US 8.8.8.8:53 vk.com udp
RU 87.240.129.133:445 vk.com tcp
RU 87.240.137.164:445 vk.com tcp
RU 87.240.132.67:445 vk.com tcp
RU 87.240.132.78:445 vk.com tcp
RU 87.240.132.72:445 vk.com tcp
RU 93.186.225.194:445 vk.com tcp
US 8.8.8.8:53 vk.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3256_XTZUYLDQLIKOGIXD

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580e14.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT