Malware Analysis Report

2025-01-17 22:48

Sample ID 240603-qr44zsga6z
Target 91f4dd798e7c964ab04a557e1da9721b_JaffaCakes118
SHA256 04a62484f57f18f1b997feee86f230a20287a18a31af9b346fb82cdbf4bbd1c0
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

04a62484f57f18f1b997feee86f230a20287a18a31af9b346fb82cdbf4bbd1c0

Threat Level: No (potentially) malicious behavior was detected

The file 91f4dd798e7c964ab04a557e1da9721b_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:30

Reported

2024-06-03 13:33

Platform

win7-20240419-en

Max time kernel

118s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f4dd798e7c964ab04a557e1da9721b_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000000a98338ae23e6ef48b0f9a0f73bdb185ea20fd8ffd78c541fe8f8be8ecae6280000000000e800000000200002000000060e771d91591cef6d4a3f7c03afe569a30f56e10d60f58715496427dfd64083c2000000010461ddb40428b4d665ba720ccb95cd5f49075631f58c4ee2100a62b680e4a0140000000e06b6c06e34d27031ce18615bde40cc1a37a240693e50c904a296921ba6467d6e1dd5af63d360e7e3110c16f28d48f5386447f22efc9229229f3824952c1ad3f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50b8a064bab5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{771B3FA1-21AD-11EF-BBEC-C662D38FA52F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583306" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f4dd798e7c964ab04a557e1da9721b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:30

Reported

2024-06-03 13:33

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f4dd798e7c964ab04a557e1da9721b_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1616 wrote to memory of 3636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1616 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
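The rows above all record one browser process (PID 1616) writing into other msedge.exe processes. The script below is an added triage example, not part of the sandbox report: it parses rows in the report's column order, collapses the per-call rows into one record per writer/target pair with a count, and applies a heuristic (an assumption of this example, not a rule stated by the report) that a write into a child running the same image is the ordinary multi-process launch pattern of Chromium-based browsers, while a write into a different image is the shape code injection takes and deserves a look. The sample rows mirror the table; the final svchost.exe row is constructed to exercise the second branch.

```python
import re
from collections import Counter

# Row format as it appears in the report's "Suspicious use of WriteProcessMemory"
# table: "PID <writer> wrote to memory of <target> <indicator> <writer image> <target image>".
# Both image columns are Windows paths containing spaces, so they are matched by
# their drive-letter prefix and ".exe" suffix rather than by splitting on whitespace.
ROW_RE = re.compile(
    r"^PID (?P<writer>\d+) wrote to memory of (?P<target>\d+)\s+"
    r"(?P<indicator>\S+)\s+"
    r"(?P<writer_image>[A-Za-z]:\\.*?\.exe)\s+"
    r"(?P<target_image>[A-Za-z]:\\.*?\.exe)$"
)

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Sample rows: the first five mirror the report's table (1380 appears twice to
# show counting); the last row is constructed, not from the report, to show a
# write into a process running a different image.
SAMPLE_ROWS = [
    f"PID 1616 wrote to memory of 3636 N/A {EDGE} {EDGE}",
    f"PID 1616 wrote to memory of 1380 N/A {EDGE} {EDGE}",
    f"PID 1616 wrote to memory of 1380 N/A {EDGE} {EDGE}",
    f"PID 1616 wrote to memory of 4344 N/A {EDGE} {EDGE}",
    f"PID 1616 wrote to memory of 1704 N/A {EDGE} {EDGE}",
    f"PID 4242 wrote to memory of 5150 N/A {EDGE} C:\\Windows\\System32\\svchost.exe",
]


def parse_rows(rows):
    """Yield (writer_pid, target_pid, writer_image, target_image) for each well-formed row."""
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m:
            yield (int(m["writer"]), int(m["target"]), m["writer_image"], m["target_image"])


def classify(writer_image, target_image):
    """Heuristic (assumption of this example): same image on both sides is the
    normal browser child-process launch; a different image needs a human look."""
    if writer_image.lower() == target_image.lower():
        return "same-image child launch (expected for multi-process browsers)"
    return "cross-image write (review: possible injection)"


def triage(rows):
    """Collapse per-call rows into one record per (writer, target) pair with a
    call count and a verdict, so a 64-row table reads as a handful of lines."""
    counts = Counter(parse_rows(rows))
    return [
        {
            "writer_pid": w, "target_pid": t,
            "writer_image": wi, "target_image": ti,
            "calls": n, "verdict": classify(wi, ti),
        }
        for (w, t, wi, ti), n in sorted(counts.items())
    ]


if __name__ == "__main__":
    for rec in triage(SAMPLE_ROWS):
        print(f"{rec['writer_pid']} -> {rec['target_pid']} x{rec['calls']}: {rec['verdict']}")
```

The same-image test is deliberately narrow: it does not prove the child is benign (a hollowed child of the same image would also pass), it only explains why a stock browser trips this signature dozens of times without that being evidence of malice.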

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f4dd798e7c964ab04a557e1da9721b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f56546f8,0x7ff8f5654708,0x7ff8f5654718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
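The process list is the usual Chromium process tree: one browser process launched with `--single-argument` on the sample HTML, then crashpad, GPU, utility (network and storage services), renderer and identity helper children, each identified by `--type`. The script below is an added example, not tooling from the report or the browser vendor: it tokenises a Windows command line without breaking the quoted `Program Files (x86)` path, pulls out the process type and sub-type, and surfaces the flags that reduce a child's sandbox (`--disable-gpu-sandbox`, `--service-sandbox-type=none`, `--no-v8-untrusted-code-mitigations`). Which of those are the stock defaults for a given Edge build is for the analyst to confirm; the script only makes them visible. The sample command lines are abridged from the report (field-trial handles and the gpu-preferences blob dropped) and are constructed input for the example.

```python
import re

# A quoted argument is kept whole; anything else splits on whitespace.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

# Flags that weaken or remove a child process sandbox (assumed list for this example).
SANDBOX_FLAGS = {
    "--disable-gpu-sandbox": "GPU process sandbox disabled",
    "--no-sandbox": "all sandboxes disabled",
    "--no-v8-untrusted-code-mitigations": "V8 untrusted-code mitigations off",
}

MSEDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'

# Constructed sample, abridged from the report's Processes section.
SAMPLE_CMDLINES = [
    MSEDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\91f4dd798e7c964ab04a557e1da9721b_JaffaCakes118.html",
    MSEDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3",
    MSEDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8",
    MSEDGE + " --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1",
    MSEDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=4748 /prefetch:2",
]


def tokenize(cmdline):
    """Split a Windows command line on whitespace while keeping quoted arguments whole."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]


def describe(cmdline):
    """Return image, Chromium process type/sub-type and any sandbox-reducing flags."""
    toks = tokenize(cmdline)
    opts, flags = {}, set()
    for t in toks[1:]:
        if t.startswith("--") and "=" in t:
            key, value = t[2:].split("=", 1)
            opts[key] = value
        elif t.startswith("--"):
            flags.add(t)
    notes = [SANDBOX_FLAGS[f] for f in sorted(flags) if f in SANDBOX_FLAGS]
    if opts.get("service-sandbox-type") == "none":
        notes.append("utility service runs unsandboxed")
    return {
        "image": toks[0],
        # A Chromium process with no --type is the browser (parent) process.
        "type": opts.get("type", "browser"),
        "subtype": opts.get("utility-sub-type"),
        "notes": notes,
    }


def reduced_sandbox(cmdlines):
    """Only the children whose command line weakens a sandbox."""
    return [d for d in map(describe, cmdlines) if d["notes"]]


if __name__ == "__main__":
    for d in map(describe, SAMPLE_CMDLINES):
        label = d["type"] + (f" ({d['subtype']})" if d["subtype"] else "")
        print(f"{label:45} {', '.join(d['notes']) or '-'}")
```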

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 noklips.net udp
US 8.8.8.8:53 s97.ucoz.net udp
RU 185.129.102.190:445 s97.ucoz.net tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 uc-portaller.ru udp
US 8.8.8.8:53 1319952915.uid.me udp
RU 195.216.243.149:443 1319952915.uid.me tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
RU 195.216.243.149:443 1319952915.uid.me tcp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 s97.ucoz.net udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.202.52:445 counter.yadro.ru tcp
RU 88.212.201.204:445 counter.yadro.ru tcp
RU 88.212.201.198:445 counter.yadro.ru tcp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 recreativ.ru udp
US 8.8.8.8:53 jsc.marketgid.com udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 172.67.141.144:445 jsc.marketgid.com tcp
US 8.8.8.8:53 jsc.marketgid.com udp
US 104.21.46.191:445 jsc.marketgid.com tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 104.21.46.191:139 jsc.marketgid.com tcp
US 8.8.8.8:53 franecki.net udp
NL 89.149.200.234:445 franecki.net tcp
US 8.8.8.8:53 franecki.net udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
NL 89.149.200.234:8041 franecki.net tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp
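Most rows in the table are resolver traffic to 8.8.8.8, and many of those are reverse (`in-addr.arpa`) lookups of addresses rather than names the page itself asked for. When pulling indicators out of a table like this, the useful split is: names that were looked up, names that were actually contacted over TCP (with the address and port recorded), names that resolved but were never contacted, and link-local noise such as the mDNS row. The script below is an added example, not part of the report, that makes that split over a constructed subset of the rows above in the table's own column order (the mDNS row has no Domain column, which the parser tolerates). Ports are taken verbatim from the table and not reinterpreted.

```python
import ipaddress
from collections import defaultdict

# Constructed subset of the report's Network table ("Country Destination Domain Proto").
SAMPLE_NET = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 noklips.net udp
US 8.8.8.8:53 s97.ucoz.net udp
RU 185.129.102.190:445 s97.ucoz.net tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.202.52:445 counter.yadro.ru tcp
"""


def parse_net(text):
    """Yield (country, ip, port, domain, proto); domain is None when the column is absent."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            continue
        ip, _, port = dest.rpartition(":")
        yield country, ip, int(port), domain, proto


def summarize(text):
    """Separate DNS lookups (forward vs reverse), real TCP contacts and multicast noise."""
    forward, reverse, multicast = set(), set(), set()
    connections = defaultdict(set)  # name (or bare IP) -> {(ip, port, country)}
    for country, ip, port, domain, proto in parse_net(text):
        if ipaddress.ip_address(ip).is_multicast:
            multicast.add((ip, port, proto))
        elif proto == "udp" and port == 53 and domain:
            # Reverse lookups tell you an address was seen, not that it was contacted.
            (reverse if domain.endswith(".in-addr.arpa") else forward).add(domain)
        elif proto == "tcp":
            connections[domain or ip].add((ip, port, country))
    return {
        "forward_lookups": sorted(forward),
        "reverse_lookups": len(reverse),
        "connections": {name: sorted(v) for name, v in connections.items()},
        "multicast": sorted(multicast),
        # Names the page resolved but never connected to (blocked, failed, or never used).
        "resolved_but_not_contacted": sorted(forward - set(connections)),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_NET)
    for name, endpoints in summary["connections"].items():
        for ip, port, country in endpoints:
            print(f"{name:20} {ip}:{port} ({country})")
    print("resolved only:", summary["resolved_but_not_contacted"])
```

Run over the full table, the resolved-only bucket (noklips.net, uc-portaller.ru, recreativ.ru in this report) is where an analyst looks first, because a name that was resolved and then dropped is either blocked on the sandbox's egress or used by code that ran no further.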

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ea98e583ad99df195d29aa066204ab56
SHA1 f89398664af0179641aa0138b337097b617cb2db
SHA256 a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
SHA512 e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

\??\pipe\LOCAL\crashpad_1616_OIGDYGWDDBWMODJB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4f7152bc5a1a715ef481e37d1c791959
SHA1 c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
SHA256 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
SHA512 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f824851eae1f6c46a4d54196fb0cb0cf
SHA1 5c3725fdd7eda584caffdd5337e9766f387e89f9
SHA256 02788bd38079d352be0b6b53c0ebb9d0b951654e7f574dd1315f1e66ebf2ffcd
SHA512 d840679a39ee3eac9053931ec92e9041589f670d01bec00ba625ec4ff293037ecec497eca61a203515923d0acb0db347473adc10c09f31f733f036f05d1459e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a4ed374124f40021a30446e60d185067
SHA1 916e570a20ab830819c9920adb9b64aa8b4f79a0
SHA256 6ddda86ddd1a833eae530c968b0b134a0964799089031a050a0339cbf1ea237b
SHA512 517c217f2e5fa7b31420a701ff6a10839470017bf17c2aa813e92332199fd74c4ee97e40ace94a4e10a65b23fb837f5d000eb67bdee904911ea1ed945f91d283

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2065a0d8caed496e50c58a0516f800d0
SHA1 56c8a1425555db48c6a622c423bad68f0d4ad322
SHA256 ff6414eeb4c689361177ddc92f3710d9a46abba1ca7c71fc3c0fd0ccb0e622e2
SHA512 81b9b49455bd5d9c78b7e780ad083e0a0393fc02103051c909fb31583710e737aa8d65c5e09deea623a03538777a3067145a8ac5948f22f16b9af08f194ec5e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ccf3fa9544bc5fcca4634e576dc21d32
SHA1 9242b52fc851fad6f76baf43866f85f48223094f
SHA256 008954e1761516158ee6966ab8096a6b59d327941aec9e078e648f0d6b758f9c
SHA512 acdbaea166e9d5dbdb1ee3c87a80869e49ef43a213c3b058e40964e716c95e0a52fe247116152a4a3e5ac4dea614ecc70747fb630b69d30844b0f3aa63e80316

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6717a44fb4925ab7012640aed9f08019
SHA1 5b8a95ce555bdfb33fccbcd8ffc4cb20d101ee64
SHA256 ae4fc72112e3f8ef7a02150345aa418ce5b179dd38597b617a4f6b46452ae062
SHA512 b9c501c168b9574b9d0c68fd4b80553f818b544e172dc0c65f692d5c0b37283df84700e317d81d5fb346d09157eca483745ff557411af1aeba1d8999e086e42b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389