Analysis Overview
SHA256
7c786998dea9d5ddcf250a24c9b0aba1355c6211031664923fc12945c3d03169
Threat Level: No (potentially) malicious behavior was detected
The file 90fee0823b3622a8e97993e50695a67d_JaffaCakes118 was found to be: no (potentially) malicious behavior detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:45
Reported
2024-06-03 07:48
Platform
win7-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4CB2B701-217D-11EF-818F-FAB46556C0ED} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423562618" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1768 wrote to memory of 2172 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1768 wrote to memory of 2172 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1768 wrote to memory of 2172 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1768 wrote to memory of 2172 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\90fee0823b3622a8e97993e50695a67d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1768 CREDAT:275457 /prefetch:2
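The "Suspicious use of WriteProcessMemory" rows above show PID 1768 (the 64-bit iexplore.exe frame) writing into 2172, whose command line carries SCODEF:1768, i.e. the tab process the frame itself spawned. The script below, an added triage example that is not part of the sandbox report, rebuilds that parent link from the SCODEF hint and labels each WriteProcessMemory row by whether the target is the writer's own child of the same binary, some other child, or an unrelated process. The process rows are constructed from the report's Processes list; the PID of the tab process (2172) is an assumption taken from the WriteProcessMemory target column, since the report prints no PID beside the process entries.

```python
"""Attribute sandbox WriteProcessMemory events to the process tree.

Added example for triaging the behavioral1 signatures; not part of the
sandbox report. Assumption: the tab process is PID 2172, taken from the
WriteProcessMemory target column.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int] = None


# Constructed from the behavioral1 "Processes" section; PIDs are an assumption.
PROCS: List[Proc] = [
    Proc(1768, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\90fee0823b3622a8e97993e50695a67d_JaffaCakes118.html"),
    Proc(2172, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1768 CREDAT:275457 /prefetch:2'),
]

# Constructed from the "Suspicious use of WriteProcessMemory" table (four identical rows).
WPM_EVENTS: List[str] = ["PID 1768 wrote to memory of 2172"] * 4

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)")
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def link_parents(procs: List[Proc]) -> Dict[int, Proc]:
    """IE tab processes carry the frame (broker) PID as SCODEF:<pid>; use it as the parent link."""
    by_pid = {p.pid: p for p in procs}
    for p in procs:
        m = SCODEF_RE.search(p.cmdline)
        if m and int(m.group(1)) in by_pid:
            p.parent = int(m.group(1))
    return by_pid


def same_binary_name(a: str, b: str) -> bool:
    """Compare image basenames case-insensitively; Program Files vs Program Files (x86) differ only in path."""
    return a.rsplit("\\", 1)[-1].lower() == b.rsplit("\\", 1)[-1].lower()


def classify(event: str, by_pid: Dict[int, Proc]) -> str:
    """Label one WriteProcessMemory row by where the target sits relative to the writer."""
    m = WPM_RE.match(event)
    if not m:
        return "unparsed"
    src, dst = int(m.group(1)), int(m.group(2))
    s, d = by_pid.get(src), by_pid.get(dst)
    if s is None or d is None:
        return "unknown-process"          # target absent from the process list: investigate
    if d.parent == src and same_binary_name(s.image, d.image):
        return "broker-to-own-child"      # expected for IE frame -> tab (and Chromium browser -> child)
    if d.parent == src:
        return "parent-to-child"          # writer spawned the target, but it is a different binary
    return "cross-process"                # write into an unrelated process: classic injection shape


def triage(procs: List[Proc], events: List[str]) -> Counter:
    """Count WriteProcessMemory rows per label."""
    by_pid = link_parents(procs)
    return Counter(classify(e, by_pid) for e in events)


if __name__ == "__main__":
    for label, n in triage(PROCS, WPM_EVENTS).items():
        print(f"{label}: {n}")
```

On this report all four rows land in the broker-to-own-child bucket, which is the shape IE's frame/tab split produces on every page load. Only a cross-process or unknown-process label is worth pivoting on; the hypothetical explorer.exe target used in the check below shows what that looks like.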
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | blog.optimalupgrades.ca | udp |
| FR | 18.164.52.90:80 | w.sharethis.com | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| FR | 18.164.52.90:80 | w.sharethis.com | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| FR | 18.164.52.90:443 | w.sharethis.com | tcp |
| FR | 18.164.52.90:443 | w.sharethis.com | tcp |
| FR | 18.164.52.90:443 | w.sharethis.com | tcp |
| FR | 18.164.52.90:443 | w.sharethis.com | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab16FB.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar1780.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0018d804ce5a2573cb30f286e6174db2 |
| SHA1 | 4165a4a37bfca8f30082fcd5898daa1cce8abeac |
| SHA256 | bce5f9c1529b550e00190441d2c0f66816fd487ce2f3bdd482195a26ac7c0a5e |
| SHA512 | 3babc6011c4e5209537ff7f38df12ee3dccdba23eb5d906649ae4d64d63f86f72bcb6e693b5c7049d90f960c1fb59e218a51cae5c43a67ca6603ccc0fbe5728b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 023a601c551a8046df86167ca6d90c5d |
| SHA1 | 30c899205dab0ae6641e1c6bf4a5bb0c65e36668 |
| SHA256 | 564de85267a89e42372f6bab3d430a9e0d1c8680597b37c6c5d2c4d01a82a5a2 |
| SHA512 | 248b7e3a9bb228befd834410bed52283f3fecd65ab4411894a99428d21a066b299a3341f15faad00cc646d1b33bd0f4e32b07233ab8954461a0640e5ec0279f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e19c41e0ad05313caeb1cf2986fe6e5e |
| SHA1 | f79e128ba6f1190bcd29fc4bc3f9d2f9c7df0074 |
| SHA256 | 8431a7e19ec7815ca612d22285d0bb6f1978524c89b447e67137b298d35233aa |
| SHA512 | 81ae96b1b9738d4e81ebd19f573a5ef0895448489966d47de314cd2202bd93a83d09f793133a4f459d4bba2030be5c69120f8d956f805148a490cfec57869084 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ad4940f17c924a3122f95babe1352ed |
| SHA1 | 00646c5ac9f2c13068e6875cb660d93bda4c44be |
| SHA256 | 42c36df04ca8ca4d05d2e0dd4f0d63028dfc98c03fd7520462989fcd3257a83f |
| SHA512 | 00f63de26679cb1076b487168af1eb791d94666d55eb3fd812af2eda5776efd8b87db5768b13f905736b60a79f964ef0c8cfd157e24cb12e6ea8001899101394 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9504fba15ec4a06c635ede89cc76d25a |
| SHA1 | d32e341885a89b05fae224e89867efea5fff4491 |
| SHA256 | 8c1b6d6e6daa0fb698208d46d874afe9488b92a5075a0b9692585fb7d1e8425c |
| SHA512 | 034b286a3133346f188710b463d303dbf351e23755654c3aa1bc684d4297375ca07024073640ea02ea0ea9a2a5d4a28e0a11bbc3881bb9de2ba0dd5f13268e0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b47bca9bd3768b7fb8d0e6d7e76b995 |
| SHA1 | 9f4f619befde197468f8fd34b231795d1554a7c6 |
| SHA256 | 6922a8ecc8e77f81b596fb7a44edb0c3ca2a3c6fd73e9a90fdc63844b0cc40c5 |
| SHA512 | 2f26381a8d2447fb26056924e939667edca37fb58768b7281ad6e000c8951c47d1a7e7fa07f0b3b3e277152cd28091ee0c7e63970d00143aa179515e4307279a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 07:45
Reported
2024-06-03 07:48
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\90fee0823b3622a8e97993e50695a67d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb166d46f8,0x7ffb166d4708,0x7ffb166d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5188 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | blog.optimalupgrades.ca | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| FR | 18.164.52.90:80 | w.sharethis.com | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| FR | 18.164.52.90:443 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| IE | 34.242.6.0:443 | l.sharethis.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.6.242.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
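Both Network tables (behavioral1 and behavioral2) repeat the same handful of destinations many times, and the Edge run adds reverse (in-addr.arpa) lookups and an mDNS packet. The script below is an added example, not part of the sandbox report: it parses the pipe-delimited rows, buckets them by kind, lists the distinct HTTP/HTTPS contacts, and reports reverse lookups whose address never shows up as a forward connection in the same table. The rows are a constructed subset of the behavioral2 table; the same parser runs unchanged over the behavioral1 rows.

```python
"""Summarise sandbox Network table rows.

Added example, not part of the report. ROWS is a constructed subset of the
behavioral2 Network table above.
"""
from collections import Counter
from typing import Dict, List, Tuple

ROWS = """\
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | blog.optimalupgrades.ca | udp |
| FR | 18.164.52.90:80 | w.sharethis.com | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| US | 50.63.78.1:80 | blog.optimalupgrades.ca | tcp |
| FR | 18.164.52.90:443 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.52.164.18.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| IE | 34.242.6.0:443 | l.sharethis.com | tcp |
"""

PTR_SUFFIX = ".in-addr.arpa"


def parse_rows(text: str) -> List[Dict]:
    """Parse '| Country | ip:port | Domain | Proto |' rows; header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def kind(row: Dict) -> str:
    """Bucket a row: mdns, dns, dns-ptr (reverse lookup), http, https, other."""
    if row["ip"] == "224.0.0.251" and row["port"] == 5353:
        return "mdns"
    if row["port"] == 53:
        return "dns-ptr" if row["domain"].endswith(PTR_SUFFIX) else "dns"
    return {80: "http", 443: "https"}.get(row["port"], "other")


def ptr_to_ip(name: str) -> str:
    """'228.249.119.40.in-addr.arpa' -> '40.119.249.228'."""
    return ".".join(reversed(name[: -len(PTR_SUFFIX)].split(".")))


def summarize(rows: List[Dict]) -> Tuple[Counter, List[Tuple[str, str, int]], List[str]]:
    """Return (counts per kind, distinct web contacts, reverse-looked-up IPs with no forward connection)."""
    kinds = Counter(kind(r) for r in rows)
    contacted = sorted({(r["domain"], r["ip"], r["port"]) for r in rows if kind(r) in ("http", "https")})
    forward_ips = {r["ip"] for r in rows if kind(r) in ("http", "https", "other")}
    unmatched_ptr = sorted({ptr_to_ip(r["domain"]) for r in rows if kind(r) == "dns-ptr"} - forward_ips)
    return kinds, contacted, unmatched_ptr


if __name__ == "__main__":
    kinds, contacted, unmatched = summarize(parse_rows(ROWS))
    print(dict(kinds))
    for domain, ip, port in contacted:
        print(f"{domain} -> {ip}:{port}")
    print("reverse lookups without a forward connection:", unmatched)
```

The distinct contact list is short: the page's own host blog.optimalupgrades.ca, the ShareThis widget hosts, Google Analytics and, in the IE run, ieonline.microsoft.com. Treat the unmatched reverse lookups as a gap in the table rather than as indicators; the addresses they resolve are not contacted anywhere in the rows the sandbox recorded.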
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
\??\pipe\LOCAL\crashpad_4980_QQQFHYPOIYDAAYJI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8b6d6915c43cd94d8b6f7326dff6b817 |
| SHA1 | aeb627b7c1d1a7eb3dd8648e79fc0fc31f750691 |
| SHA256 | e8d637bb02ad32110e0370e1a14018115278bd2cfc8464648b9e1305dda53330 |
| SHA512 | a69dd24f504d5c2a0ae0970197e87a6f904574129af0eefc4514e9390f2b18d82b8c4bb5bdba42c8a9259d3048dbd84d30cd8fdabc2266f7633c2fe5cfe15a9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 05abe00ae0ed964dcb3c27a2584cc065 |
| SHA1 | 5bc98f604deaa9bca95a6e753aec0bd31d7c3556 |
| SHA256 | 0c0004e1db7626023e50d4131a1be972bb38b99c782d4e3d084f81015085cabd |
| SHA512 | a9b70d83b4c779d029999b5f87ee502772d4083795b2cc98656e2447ed72fe2745b1aebf5320b2e9e37afef84429b0b5a686d14316d707ce21aa968b5999e67b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b2fd0cbbc8ed5c8be3aca3a9a0d58a77 |
| SHA1 | 177a74cbb32cc23b26475c37174bf08fded9bbb8 |
| SHA256 | 3d53fe204bde7186017174a9e6f7268a7a14cceea610e6aee5ced5831177a480 |
| SHA512 | ccabd8066ed6c555faafdcb7d249aef65d87dc508457de61931adfe5700dd1146fe8fc6836392f20147b820bf24af9a7c59b7627edf840a230237702ad75cd5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 20dfabf5c9337edd2d9f25339da81dfb |
| SHA1 | 4d2849398c3048edb2ba990c5d73e7b117d280d6 |
| SHA256 | b5e30500c9c83e7b8cd0c0955c1e3afa7f98ace0cf61cd53573c7a396ce925b0 |
| SHA512 | 9e66ca77b6a45c887f2e0a5e40cd7de34d1e104206883bfbea68296936ec9bb0b0fbb2b05d84586dbe7677445ffc19a0e2e65a22c5e14641f65d37ca9403399c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58266f.TMP
| MD5 | 8bd3b7f10e5d9ee5bed76aaadadc931b |
| SHA1 | 98a9e816ec6c900fa0ed4ad7cadd537a130b87bf |
| SHA256 | 2e47036a9f22c343a594d2e858d0f213fe1c6ef54b8c31a265be0016979441cc |
| SHA512 | ec21bcafb595ee7ec3af76105fc1f6b3fdfffb05c4bca69c8607c1a3eaecb11d986c2a9423db68d685b8a1f3dd32f6b83331c822e7f8ee3b98df5c116892f2de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 57eb9f09e387676f135e5ceee83676d9 |
| SHA1 | ce39ee447a068b44d0c121a5c72f026688fd14fd |
| SHA256 | d99b80373ac88d74e22e5e325824e7ccbd3848e3f43a27434ba354b8b9bc1e67 |
| SHA512 | a098504745aadf645d29fc4a904d75f9ce519aa4aabc083149ee6f6ad8d4ba0017aaab22e0c436f331ab36a2356be3d08842f29e005eb762183208c0dc173b63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5c1019a2fbbae64fc4028cb6454df74d |
| SHA1 | d20fe68f9ce22bfa8c0b745a9766ece9609b58ea |
| SHA256 | ff935fcbc416876bcd99dbdb408a834913432c5a18f17d8586f5301874ac6a75 |
| SHA512 | 9eda61ceb453cf16e4aa8654fc73223f4c1c10fcbcc4459449fb4da3d21b452b7c81ca1a3f1a633c18d21894c3e902ea1ed1ab27a4ce2583c28b5ad0562ff48f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ab14b0f292711e4a9c93b75b2ed77871 |
| SHA1 | 657ab65fea7467841726bd13e817ab50268dc807 |
| SHA256 | da70815ca9aa3d449616ffd25813a6116bc2a8edd5dbf6e65e3d442a65360dd8 |
| SHA512 | 4b8aa8caa3903694cfb675f4b5fef60cca013e2fcad858edda2353137a3d34c8adfc82054f9f7dc7a5461409af6729d9b6fa9189e920c43df93bd23c4a218c23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6628a100e62db8f9ff3cdf75e816d366 |
| SHA1 | 74044e3fcfe8a60445a0da5311d9dc71b1627825 |
| SHA256 | 9a84df5fd1b0ae6cbde45d45340de7860e437467fcf4876a1b2b3ec022b43af1 |
| SHA512 | 817e2c617162e86f7ee627d098d763d67f7335d4ae08cf95672e2dc2b46965cb4395cb385a73e3fee31a4ee6c7913a20b075d57989c53c88442bbf9888cd049a |
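One of the Files entries above, the crashpad named pipe, carries the digests of zero-length input in all four algorithms, and several others are browser-profile or CryptoAPI cache writes. Before any of these hashes are pasted into a blocklist, the script below, an added example that is not part of the sandbox report, computes the empty-input digests with hashlib rather than trusting a memorised constant, checks that every digest is well-formed hex of the right length, and tags entries that are not useful as indicators. The entries are constructed from the tables above; the tag names are this example's own.

```python
"""Sanity-check digests from a sandbox Files section.

Added example, not part of the report. ENTRIES are constructed from the
Files tables above; tag names are this example's own.
"""
import hashlib
import re
from typing import Dict, List

HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Digests of zero-length input, computed rather than hard-coded.
EMPTY = {alg: hashlib.new(alg, b"").hexdigest() for alg in HASH_LEN}

ENTRIES: List[Dict[str, str]] = [
    {"path": r"\??\pipe\LOCAL\crashpad_4980_QQQFHYPOIYDAAYJI",
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
               "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"},
    {"path": r"C:\Users\Admin\AppData\Local\Temp\Cab16FB.tmp",
     "md5": "29f65ba8e88c063813cc50a4ea544e93",
     "sha1": "05a7040d5c127e68c25d81cc51271ffb8bef3568",
     "sha256": "1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184",
     "sha512": "e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b"
               "5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa"},
    {"path": r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015",
     "md5": "49aebf8cbd62d92ac215b2923fb1b9f5",
     "sha1": "1723be06719828dda65ad804298d0431f6aff976",
     "sha256": "b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f",
     "sha512": "bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a"
               "71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b"},
]


def digest_problems(entry: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digest is not lowercase hex of the expected length."""
    bad = []
    for alg, n in HASH_LEN.items():
        v = entry.get(alg, "")
        if len(v) != n or not re.fullmatch(r"[0-9a-f]+", v):
            bad.append(alg)
    return bad


def classify_file(entry: Dict[str, str]) -> List[str]:
    """Tag an entry with reasons it is a weak or misleading indicator."""
    tags = []
    path = entry["path"]
    if all(entry.get(alg) == EMPTY[alg] for alg in EMPTY):
        tags.append("empty-content")        # zero-length read: matches every empty file on earth
    if path.startswith("\\??\\pipe\\"):
        tags.append("named-pipe")           # pipe object, not a file on disk
    if "\\CryptnetUrlCache\\" in path:
        tags.append("cryptnet-cache")       # CryptoAPI URL cache (CRL/OCSP/AIA fetches)
    if path.lower().endswith(".tmp"):
        tags.append("temp-file")
    return tags


if __name__ == "__main__":
    for e in ENTRIES:
        print(e["path"], classify_file(e), digest_problems(e) or "digests ok")
```

The empty-content tag is the one that matters most: a sandbox that hashes a zero-length read from a pipe or a placeholder file emits exactly these four values, and an indicator built from them would match every empty file on every host.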