Malware Analysis Report

2025-01-18 00:01

Sample ID 240603-qp8dmahc97
Target 91f2d235bca238718eda7df4c29c9a91_JaffaCakes118
SHA256 24141a0f0afed16847792d194ab1cddc1caae137cb21376c80fa4729d10a72df
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

24141a0f0afed16847792d194ab1cddc1caae137cb21376c80fa4729d10a72df

Threat Level: No (potentially) malicious behavior was detected

The file 91f2d235bca238718eda7df4c29c9a91_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.

Malicious Activity Summary

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:27

Reported

2024-06-03 13:29

Platform

win7-20240419-en

Max time kernel

140s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f2d235bca238718eda7df4c29c9a91_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0119E5E1-21AD-11EF-ACD5-DECBF2EBC4E5} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d002cef4b9b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583108" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000009fa1fedaa5d2b3e7cae8d0c2e081bb51028a26180ee8ccd916924e932dfd012c000000000e8000000002000020000000154e2f7ef1205701c87e3ceced0832b0e4c11501c0c45071b68b1e5368ecdf762000000030ded42ee554b2564f25abbcae847e60541e972abd6daadc3b7d43254268ba95400000005c787984b8de9d94b98a548c5733df6d2d2ac58da1c8e5529affe0d4017ac9375b6a01b0e9994136828cd21aa7b34f8b26d01f2d0a4dea90a447512738dbc82c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this copy of the report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f2d235bca238718eda7df4c29c9a91_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:992 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.limadetik.com udp
US 8.8.8.8:53 i.picasion.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 104.21.235.82:80 i.picasion.com tcp
ID 203.175.8.82:80 www.limadetik.com tcp
US 8.8.8.8:53 pictures.picasion.com udp
US 104.21.235.81:80 pictures.picasion.com tcp
ID 203.175.8.82:443 www.limadetik.com tcp
US 8.8.8.8:53 www.bollingtondropincentre.org.uk udp
GB 88.208.252.9:80 www.bollingtondropincentre.org.uk tcp
US 8.8.8.8:53 www.bridgendcentre.org.uk udp
NL 160.153.131.203:80 www.bridgendcentre.org.uk tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\style[1].htm

MD5 1304294c0823ca486542ba408ed761e3
SHA1 b2a70fb2d810ca13985882e6981f33998823e83e
SHA256 3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
SHA512 67430e967118d2b2d8a448c583bde082bf512da88eae75b0501ec5a6c2b0bf46936306317bd3ddd956c5c6e01fe0c7dbed43927588efba06c5f84d8a557f7b8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66e67a2090ad90c51659868abb665bde
SHA1 10b38d8847ca2211a9e3a337aa4a12cdd2d1fbb6
SHA256 390db138b04920af4416aeddbc4bd9a9d474dc5faf408377e067063761a40d59
SHA512 b1a954cb263e577e812f9ddf0ad8a5bc7118746ebb876ea3fb087bee2bd26970991a07a31ac209c200afcae7348c5dcfd8c34604ecd09a772befb7df7935f94d

C:\Users\Admin\AppData\Local\Temp\CabFA19.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\TarFA1C.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarFB3A.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 6ed72d31609f6484b4cd6fc307dd73ce
SHA1 8023bbeed5cbd551587ac481b53582281feac23c
SHA256 1609876753b57c435fe3aa2cfcf16a5b44e90bbfcb3c316915f0959dc3642f27
SHA512 beebe932be0ac85a3eca58b6aa1542f696f77eea2ab783f69547de93c4bc59c4951cb380691a575e31bb48812e86584b26da6c7e3e137abe691c6ae1d7ff7061

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f107a3da117bbb0f08a4a88729bad16c
SHA1 d52104c2e6eabd260616b53c0048ea5afe99bb98
SHA256 ea17f1e2eb4020b8bfad3b00feabb980a40bb10641b3b8e11930482ef8367b5c
SHA512 03c0c17147c29687056654452d1748c258a6707ebf3e884466ea621f6747988c34876fad925e4dc06178ce1b35197a11e92e1c52724590b15d05c77694a3a59f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d41718c3b09ff54314aea126d5279eed
SHA1 8b8fcbb895ec0f2148d214f019fba9bbf1d44d7d
SHA256 a77961e0d16feb7066aa6d422b199ee0125d120bfaa5bdf560180df189f42fc0
SHA512 b1ec695ee936e15db2ebb46511557d1c6440d5443a9a056af14a403441d025526d992994ea6301319ac62e7795dc390e2429741394702a3d0af73d0e227cd23c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1420c5803d2f9a93e50288da60a80791
SHA1 a3f6f83122e5aebf61e5dd7b693407ac076a8984
SHA256 25b5dc1117c49851ea35171829f31ab417714d3eee1c9e332352ac5fa2066393
SHA512 b6d769ba522913f68c7246c91126a96de5c0dcf4b64ec162fbd2d5be7209280acddef152daac88b2b7b368ca10a09d471f765a3c98a86e652f3737f1525d9aa8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94cac7a2df13a8452bbbc6e1720bc7a5
SHA1 51344849fdf0eff627b091696fc67254abe02e20
SHA256 72fc66d5a686b459ed0f90c83b7c12de86a740182bbcc14fafa9f02742b085ee
SHA512 e1802c1dccc4d7621d85cf01a7100b969354aa16b83e74dae6eed5544655646387580f52c9fa786378e9af37f532ff17b3dbad99bfeb6b5e754fbbfb909745b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fe6d76227c18908cbc1a7c1713a7923
SHA1 bf0946ae0e4d0a62c535f94fb11e7b3a060948d6
SHA256 3289eac451592c8c95c25f85a81a17a3d584f51a44315774d6eb35e542690a1a
SHA512 09381ce66fbbc9e76eab75ea1fc25d32c090edc7e30dd1ff40ff5cc05369feb7de2632b8a4a2f0b74f5e5caa83bb169491f2565ceb6128543ab43eb6cbb4a372

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 011d5886284111976a677483ec09bb7f
SHA1 e3ee350409e1aa23fcf68b0a6609c647dcb9b84e
SHA256 54d8bf034724107f5e94be06c52319e9695dcd5d5ab7f0adb4063e6079ddfa74
SHA512 bc8d680855fd2389616ae16a22d70315471926f74419bd145b2e941aef18158693c29ea51ab714cf8de9e1f2fa537ccbe4635be59f0a52c93e566b4ed3032e29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 c9d3c9067ea0549ce28414dbc92c0c67
SHA1 b2cea83b1ea064b3cc54525b1ee93e922ceab465
SHA256 ede92ee60727b8c2cc42ec2db1a9903094ce473457cb977f4723594767399764
SHA512 d53466f986c21d8d76b6d717cbc5ecba7d8d764b32481b54db500762f156dc03a5925ee86c470990b14dfe9673b4cccf0b042f3d331dd3e65c2f6546d811bc75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b898cadce49d3021fc250a04b8195ac
SHA1 dd6f9192ae11103884eac9db25b5c4b49d1a280d
SHA256 162c30137f28c266393bf42ed2a5719df01e766965c240e4b50984a439a7d2ef
SHA512 f53e5dc59fab7648092e5cb5afbff06cd37b21af2c092f89b0359544214a8353ac5056df54c46404a568cb0859092c2302f25b0dcc60982055abdd1007a67d82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44dd3ff81eedeb841e73606d3b7ce56a
SHA1 4bf118d9ab5a38a1f5c58880ab6ef03051785453
SHA256 e69ed8b99acff00522af9358f71ddd0fd914fdc56d16a90ff083876a59ade2a1
SHA512 d00805b8e86cbd7971b614c983f572b1ac1d0313d968efd52f1cc25ed757944b4864743a7914636dc53646800ab63118d000054720ce9cc7c8391c2d03687448

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3977bad31d6a464c5449371de9970fff
SHA1 b851dccaff19b7890a6d0b9be23af9f013a339f1
SHA256 71db92c86b09b652a06203c99179185d6a5498f0f84e8c14e0529b4b8d994a48
SHA512 8c989a84d877edde95568a33510e54e30fb665a2b214f68a8560a8875101b0e0ab15bd02420cafab4266ce7ae93ee95df15f7ca28c8d7950fd3da2e037d20d7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24b4375641a658e6c069a492a505c515
SHA1 1d9eeefc0debbafc8b7bd6515396c84bbfba0bac
SHA256 a4ef2dd10abbc289b978c534a22848b4bd9117a17a1c8867f288fd8310f3fe3a
SHA512 2e5dced5864b2120a5848e7057fbd1205214f107ee1547f9497f6c5d763484a789e457cae328de39b22da2a3c5a0379968566ac96b579f9f95120120e6721a73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23bec98343bd79cf1949ec0f63df09f7
SHA1 356709047e434785282d9c7482d4c956f9ffcc59
SHA256 20c8d5184f840b5af3c554a8e149e5a8836d22d32a69f42d489f8bd81dca6c0b
SHA512 34d5a98435e2685212fdf00b15ab004b9b4937cf22e905628a8d4c3d4d4cb168be69c627307f3eceda5e60cde78cdcd3875c63c6f555d4d06def6b69d7bea180

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76958792eae6cf30bc2a8f9380cabefc
SHA1 ac5b12d0ecb8fd5949c3851bf7bac5eab3e44281
SHA256 607e7b6147e3966c237840c0ba03e0fbb9fca70f4af2d055e24a64606256e9d2
SHA512 d9cc51d2b983215db8fd80e065f19103968a4fa805cbac19ecbe74e7090e27eb36b3abfd863bc453d0a5ba170701c73ced4275477327bb3ac430da6337e64456

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff65502b8f47786cfda5ae1e1ec5b9fd
SHA1 ee5866317a2c59b4a3cf45891839d45dc6b7ae7d
SHA256 593874aa9f9f827de7fbbd8d80782ef8f05d577857a799977abb364d96f04a61
SHA512 8632930f0a56e4e11537d342cee2bd2cdbbebd7103befb9f9b03c83cf62840eed4ee90b18c941f2cbd61d1b3c48515f5616efc2a71c0d2c9f8d912470b0925ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cc9a77124b1ed3d4b61292d0354a0de
SHA1 304ba7e9d6ec9298207484a4393959d138854d98
SHA256 a3ddb00a929bb79e2cc8d571a8fd0b7cf37d8798b1df7e4b43d126305b7f46aa
SHA512 fe6c8a2a372a99cf2b1243c209966aa5df59b171965af12075311966da31748f7af3f2fca198f671c3d3c2cecc7615bb6192267ab517c7001bb3b04861d87060

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac90160eaadfe46844152841f6886d9c
SHA1 ee174b2e0123fe3252f209f858d6fe6c2ab083f9
SHA256 a72014eb03adce730edb0505367f9432fa8f0c5a4b6201409968e4d66fececa9
SHA512 8a5914b2f21b6712948a44e9c47fbb172a41d231f6a52fa53ae8c4028e7c498768b03a4322b854a726a43c5387dd6cb1a1d0d1b494cae3effff7c578c23a7957

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1ec129644f2f714df1c76cf73f25d84
SHA1 4979e3d16d822f7bd5d0e4bad6d1f41980ce6014
SHA256 fc3276228dc8811470c7d7e22876fcd941546d7593d7be66b88278685019cb9d
SHA512 24d8220df9bab8f00280584ce71757de7bd780a722c4df4c2644eba8792e6dbc5266254681e619c47d62f69181df11797e666d31e9c09b37663e93becd41dc51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7927c91a3d9173e4a5dde1866b5f6ce0
SHA1 e0594048784b98b501ead56011baaac6af94167e
SHA256 d8c65c74f9ffcd822622e2fbe292df080317bbd5e2574845e94830900cc16b1e
SHA512 097e7762ba489db162da7de9d7fbd03d01fcd1c031f17e115893857efd88951156ebf8b1210346329fd7292e758519def1261233e3248d72c9799bc9255644e9

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:27

Reported

2024-06-03 13:29

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f2d235bca238718eda7df4c29c9a91_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3620 wrote to memory of 3308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 3308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f2d235bca238718eda7df4c29c9a91_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1ff746f8,0x7ffe1ff74708,0x7ffe1ff74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.limadetik.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 i.picasion.com udp
US 104.21.235.81:80 i.picasion.com tcp
ID 203.175.8.82:80 www.limadetik.com tcp
ID 203.175.8.82:80 www.limadetik.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 pictures.picasion.com udp
US 104.21.235.81:80 pictures.picasion.com tcp
ID 203.175.8.82:443 www.limadetik.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 81.235.21.104.in-addr.arpa udp
ID 203.175.8.82:443 www.limadetik.com tcp
ID 203.175.8.82:443 www.limadetik.com tcp
US 8.8.8.8:53 82.8.175.203.in-addr.arpa udp
US 8.8.8.8:53 limadetik.com udp
N/A 224.0.0.251:5353 udp
ID 203.175.8.82:443 limadetik.com udp
US 8.8.8.8:53 www.bollingtondropincentre.org.uk udp
GB 88.208.252.9:80 www.bollingtondropincentre.org.uk tcp
US 8.8.8.8:53 www.bridgendcentre.org.uk udp
NL 160.153.131.203:80 www.bridgendcentre.org.uk tcp
US 8.8.8.8:53 9.252.208.88.in-addr.arpa udp
NL 160.153.131.203:80 www.bridgendcentre.org.uk tcp
ID 203.175.8.82:80 limadetik.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
ID 203.175.8.82:80 limadetik.com tcp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 104.21.235.81:80 pictures.picasion.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
ID 203.175.8.82:80 limadetik.com tcp
US 104.21.235.81:80 pictures.picasion.com tcp
US 104.21.235.81:80 pictures.picasion.com tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8b167567021ccb1a9fdf073fa9112ef0
SHA1 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA256 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

\??\pipe\LOCAL\crashpad_3620_JIRXBNFLVURGHIIW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 537815e7cc5c694912ac0308147852e4
SHA1 2ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256 b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA512 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 065d3aa9682a9218d26b3199fc23bb74
SHA1 6ea48a0908f856c4cb37fd213a19d0783a348958
SHA256 9718b46257d05c2f7ffe1a8a3cdf45479b54e4b8191a5e3e4c9665c821026ae5
SHA512 33b633b953f365c2dbf6734bc25a29b1516d097dd27c6f22551191a8a40faeddcde2d92075480f1ccdc253f437e6cea203da16a592cd488ed3614905bd60f5fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ffc01001889df0609e1d7b62cb81936d
SHA1 dd9d52b55aeb738ca2aaba23fda29664d75d28e5
SHA256 0d32f2b5716aaf84a48fe77308bb71085e4cb83ad21a2c58d6506827fda369d8
SHA512 1e228f3ac33dae0eef0f9a87f9671e6513e0f7e75fb3bb8571d32ec188eb5466accef9fbe1bede98cfc51fbfb8e3617f65ab072b3e058e43dfd9d7e507f0275a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 110b9d3ceb946b22454ed4b34c18dc23
SHA1 873007af37c8c44c0be5637e85db243f2dfa1629
SHA256 517ec3b6dd100fd40ecf6ec9e08796be7c6514d562422c52b0752f2a85d8f123
SHA512 a34038973912c46543f909ffc3fdc5d8fedf7ab19410b729aca4e7d0dc8b8bb1418daf162f9c9fa8b2a815206d0d01ef8eeb8bdb8a8a38fd2b84779f7699c614

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a3876e0d764830f06fbb5ce81a6d8c8c
SHA1 565814ff29dcf60f213d40b249ea93d73d90306d
SHA256 ee8de0ae55fd34fcdcc3c40b8a97896b6bd09f7d1100019f9d1f589d69f58548
SHA512 039168a37f2601e363e130b5f8a02ac89dd515de8cbbd987eb1b9b8b096fdafb22e7f32a57a09bcae5a78cde4948186caf11438250da0373305546da0a18ea6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4940bbef016d1af5e556dfb81880beee
SHA1 de68680f84be968f0d4950ca0d145ca5d4c31a87
SHA256 514c6d3e2db0f7e20b498a460bafbd066c70f6adf83b23488b3a190fbf23e660
SHA512 d1dcd2945b0bb831ff873756eeb3f0378c8a564e151024e251af4a222744e69a30546a4576682eabbbf6474f0c1833a9c392ec23bfa4f2d83f030fae95f3b7ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 122bb0167325eff28c6fbf0e1952f0e8
SHA1 7b3ba44f80f6e669efe1dbfd9f2cf7bd4a03c495
SHA256 fa9f982dbeb27108d0a038f2041e0be92d7b76b021195bf5adcf47c735897df6
SHA512 9535e8331dc9b2b319304fead18d8be68750cfa8d4017d37ee21fb62ce89696aa66ff0b861fc6f53254c68b081850b164848795e40ee25f414f9e975db1783d5