Malware Analysis Report

2025-04-14 00:26

Sample ID: 240603-ktnxwshe6x
Target: 913109da2c9b1e5e78ea316f91e9d31d_JaffaCakes118
SHA256: 3a2fe1375850e0e608f3991562a78f968c406f5c2b4ffb4659705482841a4077
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 1/10
SHA256: 3a2fe1375850e0e608f3991562a78f968c406f5c2b4ffb4659705482841a4077

Threat Level: No (potentially) malicious behavior was detected for the file 913109da2c9b1e5e78ea316f91e9d31d_JaffaCakes118.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview
Reported: 2024-06-03 08:53

Signatures
N/A

Analysis: behavioral1

Detonation Overview
Submitted: 2024-06-03 08:53
Reported: 2024-06-03 08:56
Platform: win7-20240220-en
Max time kernel: 134s
Max time network: 135s

Command Line
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\913109da2c9b1e5e78ea316f91e9d31d_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings
Tags: adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C995A301-2186-11EF-8554-DE288D05BF47} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566694" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\913109da2c9b1e5e78ea316f91e9d31d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview
Submitted: 2024-06-03 08:53
Reported: 2024-06-03 08:56
Platform: win10v2004-20240426-en
Max time kernel: 149s
Max time network: 150s

Command Line
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\913109da2c9b1e5e78ea316f91e9d31d_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (2 identical entries)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4040 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 2628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\913109da2c9b1e5e78ea316f91e9d31d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff427246f8,0x7fff42724708,0x7fff42724718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,9739133485162461664,6677276378766137503,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,9739133485162461664,6677276378766137503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,9739133485162461664,6677276378766137503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9739133485162461664,6677276378766137503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9739133485162461664,6677276378766137503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,9739133485162461664,6677276378766137503,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3136 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4040_XGXFYSQNECXQSRHZ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences