Malware Analysis Report

2025-01-17 21:24

Sample ID 240603-qtpr3she46
Target 91f736b65b502d4a73d7d28bd4f227ad_JaffaCakes118
SHA256 860d511a13f98ccb750c80ca68c78b6d1833df48fd4a7cce523b1951b8334871
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

860d511a13f98ccb750c80ca68c78b6d1833df48fd4a7cce523b1951b8334871

Threat Level: No (potentially) malicious behavior was detected

The file 91f736b65b502d4a73d7d28bd4f227ad_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:33

Reported

2024-06-03 13:35

Platform

win7-20240508-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f736b65b502d4a73d7d28bd4f227ad_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d038c8afbab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000001c97a5188fcc369412a5b199cf6cc3430c5fa0914c60978a5adf30ef5eec0057000000000e8000000002000020000000f2ed1f87dda990739c2b3cd61dade90e6de965e35f592a76f0a926f4e8ea651b20000000d32e826fb0eb7aa93ab5efc68d631869065df57a1c718a392956aca9b4b4d450400000006b6cd3a4a1fed005bb1c2cc9ee4c48152ecd8e7db9aafd67493796d612a0b21e62e6191204a786a7ef0cbdb1169a89b8e9c1146a5d9493e9c3c33b67c23179d0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000820dec9afa813889603b2d97c3521480e0b774a54ea4c3fd39e7bf2b7c87c2d6000000000e8000000002000020000000764576349c0466730a0978877b948e40ee80bf50abc80a6b81b8f34dec28768690000000d88d9e95829df2a72f02904e3e9bbaa23fa0b5cd2e678f734a3cfe0f380e8e1a7b239b99679250f1901c48a506b57e77a3db246df2e0c058795807d959fd14bf7656c797c208c479cf361260e6c917d8fbab1da102adb623f994005588b5dd6c5778747ff59c29c76c9147b30b316bdc3613f59bf7d84d825045f2eacc579aeb05aadf3d68b84433b0e7310c74802b5d40000000c7567c47cae118d1451857a941ede3bc375b993b5a8b9467a1ba64b35d2cee64a370a4bd5e6d2aa32be1671da7673b9bc73dd78aa5a46ae5ad86c1f19b7fbb7d | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583471" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DA11C071-21AD-11EF-BA3C-D684AC6A5058} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f736b65b502d4a73d7d28bd4f227ad_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1276 CREDAT:275457 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | www.google.com | udp
US | 8.8.8.8:53 | www.blogger.com | udp
US | 8.8.8.8:53 | lh6.googleusercontent.com | udp
US | 8.8.8.8:53 | resources.blogblog.com | udp
US | 8.8.8.8:53 | lh3.googleusercontent.com | udp
GB | 142.250.178.9:443 | resources.blogblog.com | tcp
GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp
GB | 142.250.178.9:443 | resources.blogblog.com | tcp
GB | 142.250.178.9:443 | resources.blogblog.com | tcp
GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.178.9:443 | resources.blogblog.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.178.9:443 | resources.blogblog.com | tcp
GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp
GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp
GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp
US | 8.8.8.8:53 | indonesiasoftware.com | udp
US | 8.8.8.8:53 | s10.histats.com | udp
US | 104.20.18.71:80 | s10.histats.com | tcp
US | 104.20.18.71:80 | s10.histats.com | tcp
US | 8.8.8.8:53 | s4.histats.com | udp
CA | 149.56.240.27:443 | s4.histats.com | tcp
CA | 149.56.240.27:443 | s4.histats.com | tcp
SG | 128.199.244.24:80 | indonesiasoftware.com | tcp
SG | 128.199.244.24:80 | indonesiasoftware.com | tcp
CA | 149.56.240.27:443 | s4.histats.com | tcp
CA | 149.56.240.27:443 | s4.histats.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 13ed5e0369cedc64c8437eb9a493a981
SHA1 880053c91809fef7b2a3d688143f554d5a05c0bd
SHA256 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454
SHA512 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 76369ee808cba132fb35dd2953aef2ac
SHA1 5aae992dfcd78b07841751c08d97a0b1054bec96
SHA256 28390e57c7e0b7c170c8ced7b71ed1a34d5ea31ddb4ab8cca3577ebb77e77483
SHA512 bebba2ecec4aa60a4bb42ff0c895c5eb8c2246238dfe46d63327321c7db57e5b84ef8255267e81c79c4bf736218ade3dc87c2d5c8bc2e012eba859c679da90fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 5410eed16d90ad5ee6f4b2ce5d42db96
SHA1 ca292da56838a6326d172e04518562d112627606
SHA256 b305fd04ba9117c7557a33f3dfd280b0ea1ab39c7a9534964513f4a991dcdcc9
SHA512 2b931d80ebb7ab743069565c7dd67f6a10b58a88bcc43523b3eaa897cd5728a440c112427f6edae3e1a5cf2ca66a39a6b1d8edc7ffad9fb72a29de74f3adbe5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 65922f42302c18f405e90efb34ba6664
SHA1 077f1ee7e60e3bfc1fcd036a9b2c5dfccb612af7
SHA256 eb666bb7b8d7d8af6be2d8a813fbc67aa6a0d439cbed37e64a771eefe53d78c4
SHA512 9ca5e8b461877561cd42247841453e02474ebec52dbd076a57ca44151752a8a56d8f68e2b8458544a0969af034525f907e1138a9f03ab0e3d108b9c94634781a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 05c1695ba361c09529831ca20d52e571
SHA1 4d4e8a5bf8d0ab2980584f2d202a4a527a8470d0
SHA256 6c77d007067c16b1c51859caa169318ee94ccd20ba4d35ed51810d4a9050f9ca
SHA512 57d1a0a259ddc0dc55c33d681677230ff277fda4ea0329f5b2e7f2e8ca4c4dd67748be2a0adf769adcbedd7a2e6c2111261222e0e42de63c21e2dfbbe6db39b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_6B69C29B30EAF4FCF9E240B3D6A77FC9

MD5 4bdb17ceee8da5697f5c5ed16f370153
SHA1 f5f0a0e90741261f6f6fc80c6ba61c19479f0a7c
SHA256 9bbc34c7a76cbef17a514873d2cab4f7fbd75b48a222160293cff960bbe873e7
SHA512 c4f83220ee36b37d55b88bcf55251fc49174f391d7a94b96cb17aa28a44aa869521d2d4fce79a0874b33aca78389350e698b1bee5213866c281f59182da55144

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

MD5 5a3616a24ca6aa5eff31eb2103e07d24
SHA1 e79999e73c9197e134a5e7a6a104e2c24604d2c0
SHA256 754e92510e61b9b1b27ddad97f47d77759dfd4a08f0fe3b6d37c660b49ebc450
SHA512 9f446406ba521bb5ead1170e4cfe42dec25f63a5b46ad565a901bf59fa289aa4886ca6885cc4b077409d111a1993a40d60619cf4f7f0d28c9fc7d794401865fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_6B69C29B30EAF4FCF9E240B3D6A77FC9

MD5 d15af181df28a93d3dd0ec8748e1fd4a
SHA1 a3f4ca80c6c94c21fba95801b8171186374fe808
SHA256 897c589d175c21601455adee18069f1ff0b0701b57d11a3f3fc1b13c2f9bea6a
SHA512 5dd966491348ba2d0095e208233340e0638421f0314363534e8e97dc1688dfef943c6185b47e52133d83ef7f23a4a624c0cffb89d6ecee6d57fcd4400e708bb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

MD5 3cbd995f8bc61a3669d6dccec2391d8a
SHA1 39e5903bb99f1d045f6b0c2429b43ea8e2d551da
SHA256 d302d7266945490d5d06e91e1c2557830688004c572f39343357dfd57ada50e5
SHA512 6335e0e9db04d46564a47818a02c3ed714ee705dbc70ecadf252f2813ef62ed14bf739ea545d69e3214d21600a2d9257013545ab3bd7eeba17fe1fb07b2a22ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

MD5 c5e84dc608310ce50ffd4ca6402fe037
SHA1 5948a7e9bdb5c29fd0552faf9cc4a9193ff2162d
SHA256 cb0993000a92a735eec86dd96cd573c1f62a2dbb18ed8fde54e60a5ae7df69ca
SHA512 15def75d838e4dabd3708b249029daa24312c493dd28f43d844db1c15cebac77d2d186a26ffc37deb21cd7a2719399be357e98966a848b4528d7064dec20b88d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b645e80658c09da1d4036fa283a6ceb5
SHA1 4f4336d97bb94eede2dedb255498a43c79dc91fc
SHA256 49cffbe780a30b9cff38196b149d3fa247075b67c494260815bda117a1c800dd
SHA512 36ac78463a75d349316985a10f03985a2ac1597f656b44e5a328fbb12dba1522cb8e57a97d72d895cca581b7dedec5b3c6d5d7d8dff4d2943959f2f9dbb51413

C:\Users\Admin\AppData\Local\Temp\Cab2E90.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar2E93.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2F16.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56f73fc4a29660b8a71e456a1ff88f4f
SHA1 ce168555af78dc43de861003707a0392f61944f9
SHA256 5129bb9d03eccf17bd1f5264a94be375eacfe1028cd92e6fd259cdd56210fef9
SHA512 ba29d0ecfee590f1951501783b67f4313ae633a96ca7caef7ac3035e3690274b9db85c41c6bf35243bfe784f04e21096c9e50345ba76bedb216c65356721cf09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0929502cca3fc5f9d3c5275739dd6301
SHA1 dc45bfecb9b9621f6eb19e79306e59c356108c39
SHA256 d1718c39d131a9b2f211f2a468902a5414ec47ed65fa4e3697ad87c644ae4a55
SHA512 c1b3fdd1178771c6d1d527b1ab6d7b7ffd59ae70fc9d89203ee3ae913a269304805e0e0067737a4f034777766766b5753902e9afc566692bf3debdd936314083

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db112a6cf8798421a383d986eb336b41
SHA1 cfecee4987d307273740320856ae77872e6c096b
SHA256 eb89a9b40d0e8cb6ae20d04cfe71a713bb0773d41c19e36ef8b8594810ad5b9f
SHA512 835c892c586d3d820b0e8c1a2d41a5a0f0ba2af05e2fef647326278be9b190edf24e4fd9053bbad67ba34c62fa620e40cd407c4d402c6a0f7e39d84cbc49c3fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cedc1d45c63dd75335b97a4229cd168c
SHA1 cc80cef30bd4108d1ccf8a88bc96231373a6f89f
SHA256 1379cd60f0f634d7167d9fa1b069c9c4e0b5581ccf1fd5de259b74b7e6e709d6
SHA512 4f96792849e1dd557c4ef6bfaa33578dda8db2d5b70c9817e2c31db889426773cc369416f3af5c426ff906234d3bccce94a51c19f26732d1047d82269336290f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f88c8358cb4718d84b2f7a9e161c2bf0
SHA1 e2a6a2e440edb24f82ed069207697600485a9d3c
SHA256 783e09678d9079988523de8712a97f07c2f8052f2e1b717b9b91b7149c300e3c
SHA512 977140f9d2d016415f0c7d1ac128a22260c41cfea4b5e427870c9a6f5243de378124641a2ec003896b7abecb529ba8b9d9ce9758668accd1eaea5b2790fb5bf1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b08571cfc91e58e3f39e2f76f53688e
SHA1 b27be3cdcf753620a90596800fa5401ef1bc3bc6
SHA256 4cbc635d0711f035b6f11493221f872431dcf72ca87397b2263dbd739e3aa71a
SHA512 f354a02a0d9e17f9c58c5a327cdc9805eb0df590c80357df46246693ac45d17996e659f68e96fdba6b1acd7dc76ceb8f6d1a95edb845d840b59b65e430c4caeb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13029fe0374afdbfc4cf480afc244104
SHA1 f1071997fbe01d94c7652e1e355edab859b67cad
SHA256 8ebb4b6df54f74e6dfd619a35b5a9845686f99f4abe275926c70f8c8aac54993
SHA512 0f259213460265e1093b8351e2dfab5c5c065b930e5a0e185bda790c7ab4649b9806b1b7a2cb9c07bcd742497b2830e259e84319666a1d8ba14c327a48a0eab5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc13ba985b02a679e6b21515950aea67
SHA1 63a5b5faa41c9f070ea2d7d8144219960c03d0f4
SHA256 cf37fe482b0b94d5dfd012e3636096fc6a504a2f6532f66842831ebc4583a58e
SHA512 a33c269045e28c56b7cb991c9aafb96f9799516c561213722ad9f3fd054ffdb045f96cc2401925c8e38143aaf4f34fe06a9c7f7568902f7bc8bc3b32b346e9af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e4464d9d4a6a8f8c0ed45b52883392a
SHA1 d8ac9cc81a8b38e0ef40daae8141fa61a7b48b52
SHA256 a8b5f902447c8bf8486fd3c905645ce55268276e27866dee73917f0029a8d0fa
SHA512 284cc3f3e404b8dd521d879ef61cef29723bc24cdf23b029af4ddcd02187f60d496fdbfa24c466112e50269af93533d401c361d595c3608cdd6aa9f9828bd74b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1fc104c3a363d7c9e7fd579aa1ee5ceb
SHA1 61aeb53a049b5d15f4875fbac311ffca184eacd5
SHA256 ac97cd1cc47034d166e2b964656ffc8e45f69011cf5d95da2e77b0b6b3e793f3
SHA512 072e267a9e6b610570d5d0ea3518008d51e1863df386692328e55ee8e49c9438325eca5457384b0c69559c5678f26065a447d37f43d9f0e127ad88d3dd761e00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c3b6d4925755b1063dc7b83d4a03bee
SHA1 773156eed09c47bc57cbf37734beb23e04ce2908
SHA256 2877efa70a5154803218b0734d43928d592f6f8db8f35ef14053619e1274278c
SHA512 f72e8919f526e27ae25ebe995364db4fa378d828e6a1a92a98fa8ec29ca75f4714e0ffdbd68dee0961042f96a6d2d82f8306548616ce8d4dbbcc00c76cc9c23c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78d907a40a4241815b6ad24d3fd00545
SHA1 625d10dd7e7da0c00db6bfa96db123456ac10302
SHA256 d09ffa96952b8390dcf08ef6725b34d51a0a5a13d19e7b23c5de7690b8cdf396
SHA512 094135ca1b0248d5eb616ddb9379a89e5ea6cb53b052df0b325098e27e2e95d42d2e46617de6a5362fbb608c7868b2de4aaa4036a723eb1c488b20d571e2c909

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23af1317abdfc7c5f5cdb630f5ba4555
SHA1 15749e043241f18ee54aec19b1f9f5e63e49c4b9
SHA256 ab2eda37084ea1c048ff3c2564eb7942eebe74a4e2f850ceef6d8ab68d791878
SHA512 e062f6bc27f796033f27f1be419a3dc4db111adb91343a2e429f3607320f8fe924f37990d16008ec7166b7f2e42991510fab6a02cd76300d4f2a1b154aa0b2d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3285bd9c6a9893d968aa4cc6ff194ed
SHA1 e01f5c28224bdf6d1afc89d8852663e9aeca76c2
SHA256 e192878c1b7d1dd419055564f6d62fc1abbbc6eb7f87c7b19a2b0d4b0402df25
SHA512 a6f44f51c21396786b064f3bec4f353a05869392b2dd60b8236945458dcb0ec2a7ee17ed87521ca49341fa50b0937f4fdf670fb6ac89ab5b0d9efccb9e3daca3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 295d38f2ab63aacac5bf0a00b2716194
SHA1 aec369673ce8c769cdaeaa7518707d918e37b08b
SHA256 84d2d5e1161277eb5debf1d31fb845e08c91441c66e8aba4df57199379b42362
SHA512 ccc0ba795f3f5de6ba4ee24cac9d69c852f79b0ea3213c6c4efb5b9a756fb29d51bdac2f8b1bb63d37609462038c8d8661e7efe1deefc89b68f540a07fa01bbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c82c28266a065bd5a90ecd398adacba
SHA1 db7100ed729897c7b08d54374845a378f2e4c7d0
SHA256 b52b11672f9eb9a514cf10e81ec9861c98efcb0cc2598e1f29a8ded15d4f1581
SHA512 152017eb1a6d7b924444dff2f3eed08c3cc9d8089ba08c6a4581c7c0bb6145aa57ffb0bbbd6599dc00ba80573d91806cce56a8f9307b8e4b0027d637890724ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bdbc4baf3b17da99910ffd4e72075c60
SHA1 44a8b2c856354b6066b7b727b4e63eb2600abb5e
SHA256 6e24bd57203cc4c5bc95614cd4f1208578de48d6f67ea52c720f2c1658c897da
SHA512 10c260df2a76c89795f5dd29b3b2d03c027e28a77ec553257deabf63faa9b17e866066da972a094332a93c22f8c1021afe528c7e1f09850a6dba32ae2a698865

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa4aefaa474e51576abf34e3d0362478
SHA1 f430e70dec4f7e34f0bedb065ad550e4356c4d4c
SHA256 f4861f5c275d5b0039aa0137121d0fd5ba854a1935a4358fce989a4b1b6e94e1
SHA512 73d4b6e4e93849dc5c7a0342a672c5bd5039fed216728eeeb9e7e1715e2beb9da549e93a9f420ac9c4e735b02a8284bf3c25dbf18de31cb65de33c8c19af433b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3abfa46922989e743abafbfba8e6c503
SHA1 ccd98454d08354cadc325f85021248842bffe74d
SHA256 65c910af2532fe03e8c755d8a44660c0cbe5a19cbdf1290c58bd892b32b61800
SHA512 d6a83600ae9fb5d7388098d8b57e44f9eef3d7ddd9d50ad688a5481e2cf2db0a196a59c00417c04ba1c6a11a2b7f97e98b15723fdd748dbad3a21c21b93b7f5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f36e04bc4964d2845ec6f7c1ca02631e
SHA1 5f4acbff3c1ee94b9542431c667c6d43747be2ed
SHA256 2c32020bf0d7edaca9f1214f29e35bc2347b20d12d7e37921baf33f241467b4e
SHA512 47a224ae7cfc77411373c8509dbfa588d22852bbf7a45531866d6aca24633e4ba1eb33d95df824b6654c7a638497dcb6fa617b56e82a7634741cb72ba33ce93b

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:33

Reported

2024-06-03 13:35

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f736b65b502d4a73d7d28bd4f227ad_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1576 wrote to memory of 600 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 600 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
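The rows above all have the same shape: one writer (PID 1576, which is also the PID in the crashpad pipe name listed under Files) writing into a handful of target PIDs that run the same msedge.exe image. That is what a multi-process browser looks like when the browser process sets up its child processes, and it is why this signature contributes nothing to the score. The script below, an added example that is not part of the sandbox report, parses rows in this table's layout, collapses the per-call rows into one entry per (writer, target) pair, and flags only pairs where the target runs a different image than the writer. SAMPLE_ROWS is a constructed subset of the table above plus one constructed cross-image row (target 9999, notepad.exe) that does not appear in the report, so the flagging path is exercised.

```python
"""Triage rows from a 'Suspicious use of WriteProcessMemory' signature table.

Added example: not part of the sandbox report. SAMPLE_ROWS is a constructed
subset of the report's table plus one constructed cross-image row (target PID
9999, notepad.exe) that does NOT appear in the report.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One row: "PID <src> wrote to memory of <dst> <indicator> <src image> <dst image>".
# Image paths contain spaces, so each path is matched lazily up to its ".exe".
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<indicator>\S+) "
    r"(?P<src_img>.+?\.exe) (?P<dst_img>.+?\.exe)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class WpmEvent:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_rows(text: str) -> list[WpmEvent]:
    """Parse report rows; a row that does not fit the layout is an error, not skipped."""
    events: list[WpmEvent] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised row: {line!r}")
        events.append(WpmEvent(int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"]))
    return events


def summarise(events: list[WpmEvent]) -> dict[tuple[int, int], dict]:
    """Collapse the per-call rows into one entry per (writer PID, target PID)."""
    out: dict[tuple[int, int], dict] = {}
    for e in events:
        entry = out.setdefault(
            (e.src_pid, e.dst_pid),
            {"count": 0, "src_image": e.src_image, "dst_image": e.dst_image,
             "same_image": e.src_image.lower() == e.dst_image.lower()},
        )
        entry["count"] += 1
    return out


def writer_pids(events: list[WpmEvent]) -> set[int]:
    """A multi-process browser shows one writer (the browser process) fanning out."""
    return {e.src_pid for e in events}


def flag_cross_image(events: list[WpmEvent]) -> list[tuple[int, int]]:
    """(writer, target) pairs where the target runs a different image than the writer."""
    return sorted(k for k, v in summarise(events).items() if not v["same_image"])


# Constructed sample: five rows taken from the report's table, last row constructed.
SAMPLE_ROWS = r"""
PID 1576 wrote to memory of 600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 9999 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Windows\System32\notepad.exe
"""

if __name__ == "__main__":
    evs = parse_rows(SAMPLE_ROWS)
    print(f"{len(evs)} rows, writer PIDs: {sorted(writer_pids(evs))}")
    for (src, dst), v in sorted(summarise(evs).items()):
        verdict = ("same image, consistent with browser -> child process setup"
                   if v["same_image"] else "CROSS-IMAGE WRITE, review")
        print(f"  {src} -> {dst}: {v['count']:2d} call(s)  {verdict}")
    print("flagged:", flag_cross_image(evs))
```

The same-image test is a heuristic, not a verdict: code injected into the browser process would also produce msedge.exe to msedge.exe writes, so a flagged or unflagged pair should still be checked against process-creation telemetry (is each target a child the writer spawned, and does its command line carry a Chromium --type role as in the Processes section below).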

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f736b65b502d4a73d7d28bd4f227ad_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff8ad3946f8,0x7ff8ad394708,0x7ff8ad394718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,5344618253952257332,3442106171308722968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,5344618253952257332,3442106171308722968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,5344618253952257332,3442106171308722968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,5344618253952257332,3442106171308722968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,5344618253952257332,3442106171308722968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,5344618253952257332,3442106171308722968,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.187.202:445 fonts.googleapis.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.178.9:443 www.blogger.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 172.217.16.225:443 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
GB 142.250.187.202:139 fonts.googleapis.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.200.42:445 ajax.googleapis.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.178.10:139 ajax.googleapis.com tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 31.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.178.9:443 resources.blogblog.com udp
GB 142.250.180.1:445 2.bp.blogspot.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.180.1:139 2.bp.blogspot.com tcp
US 8.8.8.8:53 static.ak.connect.facebook.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.180.1:445 3.bp.blogspot.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.180.1:139 3.bp.blogspot.com tcp
GB 142.250.178.2:445 pagead2.googlesyndication.com tcp
GB 142.250.180.2:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.180.1:445 2.bp.blogspot.com tcp
GB 142.250.180.1:139 2.bp.blogspot.com tcp
US 8.8.8.8:53 matauangdinar.blogspot.com udp
GB 142.250.200.1:445 matauangdinar.blogspot.com tcp
US 8.8.8.8:53 matauangdinar.blogspot.com udp
GB 142.250.200.1:139 matauangdinar.blogspot.com tcp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp
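Three things in this table are easy to misread: the in-addr.arpa rows are reverse (PTR) lookups of IPs the sandbox already contacted, not new destinations; the 224.0.0.251:5353 row is mDNS multicast with no domain column; and several Google hosts that appear on 443 also appear on 445 and 139, which are not web ports. The script below, an added example that is not part of the sandbox report, parses rows in this table's layout, decodes each PTR name back to its IP, correlates it with the destinations actually contacted, and lists the non-web-port rows for review. SAMPLE_NETWORK is a constructed subset of the rows above.

```python
"""Triage the Network table of a sandbox report.

Added example: not part of the sandbox report. SAMPLE_NETWORK is a constructed
subset of the report's rows (column layout: Country Destination Domain Proto).
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

PTR_SUFFIX = ".in-addr.arpa"
WEB_PORTS = {80, 443}          # what a browser rendering a page is expected to use


@dataclass(frozen=True)
class NetRow:
    country: str
    ip: str
    port: int
    domain: str | None         # None when the Domain column is empty (multicast row)
    proto: str


def parse_network_rows(text: str) -> list[NetRow]:
    """Parse 'Country Destination Domain Proto' rows; Domain may be absent."""
    rows: list[NetRow] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:                  # Domain column missing
            country, dest, proto = parts
            domain = None
        else:
            raise ValueError(f"unrecognised row: {line!r}")
        ip, _, port = dest.rpartition(":")
        ipaddress.ip_address(ip)               # reject anything that is not an IP literal
        rows.append(NetRow(country, ip, int(port), domain, proto.lower()))
    return rows


def ptr_to_ip(name: str | None) -> str | None:
    """'196.187.250.142.in-addr.arpa' -> '142.250.187.196'; None for a forward name."""
    if not name or not name.endswith(PTR_SUFFIX):
        return None
    octets = name[: -len(PTR_SUFFIX)].split(".")
    return ".".join(reversed(octets)) if len(octets) == 4 else None


def triage_network(rows: list[NetRow]) -> dict:
    """Split resolver traffic from connections and correlate PTR lookups with them."""
    forward: set[str] = set()
    ptr_targets: set[str] = set()
    conns: list[NetRow] = []
    multicast = 0
    for r in rows:
        if r.port == 53 and r.proto == "udp":               # resolver traffic
            ip = ptr_to_ip(r.domain)
            if ip:
                ptr_targets.add(ip)
            elif r.domain:
                forward.add(r.domain)
        elif ipaddress.ip_address(r.ip).is_multicast:       # e.g. mDNS 224.0.0.251:5353
            multicast += 1
        else:
            conns.append(r)
    contacted = {r.ip for r in conns}
    non_web = [(r.ip, r.port, r.domain) for r in conns if r.port not in WEB_PORTS]
    return {
        "forward_lookups": sorted(forward),
        "ptr_for_contacted_ips": sorted(ptr_targets & contacted),
        "ptr_without_connection": sorted(ptr_targets - contacted),
        "non_web_ports": list(dict.fromkeys(non_web)),      # de-duplicated, order kept
        "multicast_rows": multicast,
    }


# Constructed sample: rows copied from the report's Network table.
SAMPLE_NETWORK = """
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.202:445 fonts.googleapis.com tcp
GB 142.250.187.202:139 fonts.googleapis.com tcp
GB 142.250.178.9:443 www.blogger.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
"""

if __name__ == "__main__":
    for key, value in triage_network(parse_network_rows(SAMPLE_NETWORK)).items():
        print(f"{key}: {value}")
```

The 443/udp row is QUIC and is treated as ordinary web traffic. The 445 and 139 rows are only surfaced, not judged: the same Google hosts are contacted on 443 in this report, so those rows are worth checking against the pcap before reading them as SMB to Google.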

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_1576_LYOEMPWGATCAGMBD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0e546cfd-e94c-4169-99d4-c5763a08de96.tmp

MD5 17d90fcfe83d3a6e6dbd02eaf9849645
SHA1 9592fe20117b6dc2367f4fa84ee6d41ed1df5b0b
SHA256 542de60eef07a419b1d4d36ea40803512ea91c6f874e06733cb606f586289067
SHA512 0506c81abacfc432a6ce91be166f4c662ddf57742f7f222652f6b77aad857c9435c8869b72fffbaca9bc285fe8d2bcd57fc3a967b952ea2e31cbdedaf888df74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1adad7b0704d2dabd20168b18cabceaf
SHA1 affcb785a3820cd5f38606e450008da8c65f8523
SHA256 d7496ed29d947b795c095930e5ffa40e686f909bca1c18f95fc7e6482a10ad29
SHA512 41adaf5775abe9efeecd1c898268333e751231129cb382dcd75f74538b342d3417dc7d13860655ed4c932d71ef24b26c1d77bc091a0bdb496c8be7a219cba787

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dc1118c3c00f0b22ee4f247c0a12809a
SHA1 72b712ec94c07c592f59fe70bfc5e5f7754bdebd
SHA256 88e910b4ebf90362ade30f9940f7a0352df4697799e4c6791257ca9506a62a6b
SHA512 1a72837fb769499744afea1b2d01dd0ae4b53d0e06297a213388639f5bcb3231e00563af9705e4bfb2d163a51108ee9f6b705047b5f111f068955816c10b1d36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1617b1444d2a350c04bb0a10cb1a7aec
SHA1 67c26da5b2aeb530b32e23809ea6912aaf4b8e64
SHA256 a696614fc33613d13d36369e2837cf1ee061bc8097b292c9df259b9919836670
SHA512 5709601021947c0c424e6bf8bf9a61914908dab86801843327d2fe0e7e4bcfb18b9a4ab814de601a6a57b554b7d9550ec3011071ae80f101f55f88fca0199238

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ff5a48108d67517380b95efb6458604a
SHA1 59b9eaf91691d004f0c82e7eb5e9b1ae2f1eb625
SHA256 466ab311fc3c661c3a4690093188d9ae49f2776040c640a5e406d4f0e3425df2
SHA512 b099e68b80d8bbfad4de0d6ba2aaf5aeac22e7b196d1484532bbfeb2481373fe128bb33bb0c357e9349530cbf0997ed245230154605b207005717bfa032513e7