Malware Analysis Report

2025-04-14 03:35

Sample ID 240612-23h7faxhqr
Target a2d8db437d6efac2376ba98436b50f25_JaffaCakes118
SHA256 86940990edc33cfcdce74a821f2c0eab5f9c0f33ffead6db92b7a8134632b77b
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

86940990edc33cfcdce74a821f2c0eab5f9c0f33ffead6db92b7a8134632b77b

Threat Level: No (potentially) malicious behavior was detected

The file a2d8db437d6efac2376ba98436b50f25_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 23:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 23:06

Reported

2024-06-12 23:08

Platform

win7-20240611-en

Max time kernel

139s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d8db437d6efac2376ba98436b50f25_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395453" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20d006391dbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{635D5FB1-2910-11EF-B98D-FE0070C7CB2B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000075ad3c3fb9e89a6672f5199f4f1ec21eddcccc717cdc703d2928dd4c61cb22d4000000000e8000000002000020000000049a9549d7866c74e151c57833f54301ac1e8c6d95042d33ef5e0633182448d120000000c68e36d2a4a9b18b4d1086af428cc5215823ef5c66435b418fcb9141b664b068400000009a5f293c233fbe0e7dc0d3e8f397514d54e6b4af21fabc83027a6da9f3ddb11fbc69faade315b243d176f0fe1867d07e302b722284ace76d1d73dca7ef8d7fa6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000f3bd1746ad878e62958679c4eed2000d56b09cd03e7049478b7cbbb913e74f75000000000e80000000020000200000005aab97cdc3fa8e3003d994172e4e63be34a403d3af2596999b2d1e7e46beb21c9000000067ec283ccea8852cb4f1e943ec865ac4431c163cfa99d12353829eb82f864f9bb836c686181a23743c073abe7f0b8a8fafb472d24b8761452f67800f21a5ba60bc867d59f6910acecc39823940e5dda5823e0d69dec6329d8d8cf828fc4db44bd98831df4b25913e5019f1860804b6d0c1f444486ac1ff7648d6758458b48dd718cdc7ae0a3c922295ae25c97207bb09400000002360a7f48a57a320a94c4ff91923f89bc49e418fbf072741bee291f439f10d2fb216769217c4b0c5a5ff94badcd4b0c7b502eece05f6068bd58dba60f5bc9b25 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d8db437d6efac2376ba98436b50f25_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 s10.histats.com udp
US 104.20.18.71:80 s10.histats.com tcp
US 104.20.18.71:80 s10.histats.com tcp
US 8.8.8.8:53 s4.histats.com udp
CA 149.56.240.27:443 s4.histats.com tcp
CA 149.56.240.27:443 s4.histats.com tcp
CA 149.56.240.27:443 s4.histats.com tcp
CA 149.56.240.27:443 s4.histats.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b9a5eed38542693cb96e77f2f55d0775
SHA1 5f3300fb3f8dbd2baaf64278a8ebbef263991d76
SHA256 b1053d1bc284f551a3d526ac533cd6f78d853b50c2a7abb4f5bd50985aa9113c
SHA512 9a78dad2000dc3bd3bf199fe14f235097ef0e2950d9856a7ff907aa7c5f3dcb8dfe1bc8b6e1ee9c89b1281783e44af9a71fe1fa1aa4f12ce1c15d28378a2ec9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ae4d59bcb6ab6e48c84123b94565d892
SHA1 82b77902e071d909f469078e1eefa349078b2587
SHA256 845789ff6ffff708f6582159bba71f0ab3ca710a48914c2d83c56d002a4995f9
SHA512 d483b95deb00931def6436c4ac7f716fbc65fa24ef275482030418d926d67e23185fa10e7e195f9f552691e7e5d4d5d027d90e4f0b285e590ea828ee5f8aedad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e56e8a78c63bf428e8186c359188db32
SHA1 4b93123e24fd5fb6ae6cc24cd34f10edcad3c366
SHA256 923d62615b366a5efb3ecb1eb53d50aa7639815b1d6418fd44f619d810709d59
SHA512 d4d2d26ba9ce9fa36de6f0c34ee296a557fe8ca8258a003fd8df3555f3448cb26e64ab01ed89fb7888e9cc0608d6502192052a1d52d6030f192f6096353c274e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 a4c3e4b3f212ccf9719236eaa8f728be
SHA1 e017a18974a9969ca60ca2499ac54b464d91a2ef
SHA256 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a
SHA512 c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 28a43dd1b4eb5511463f120f58b4aefd
SHA1 e9623632697d48e8bf55e8bb7a16aa8282bfe741
SHA256 f78128b6bf6572e2ae2746c85e44a3c7e53232d8daa9b729f9e9d81f8989eb0e
SHA512 94b3e7c9f4446d8be30741ecabb73211ab62027eeb71f19c66eb72a9e37f930af9e7a1ad40afebb52f3251432a8d9322f807a6836bee81ba1dac80bd34b55708

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\platform_gapi.iframes.style.common[1].js

MD5 682c26af19b240f98d2cb951721fa54d
SHA1 18e58b652c7f82a55ab4b1910693686049e25d62
SHA256 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980
SHA512 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\cb=gapi[3].js

MD5 f9255a0dec7524a9a3e867a9f878a68b
SHA1 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b
SHA256 d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d
SHA512 d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ab3082a43fb404af107aeaaf972eef6
SHA1 5ec0136c6ad52f3a72b6a67981522ef2bd13ae52
SHA256 43f144b277d13d2e64b735acfd7e8e4ba3b0d24476891f1c7dda177392f6c462
SHA512 f40e7f7586ca610635bbc81dfdf384d2e1ec6c9fb3f4558c53042bcfbf51ea1e3bfaf9e481db21de8e4b3465fea287ce4e7fe1083e49e9529bb6b0bc322685f8

C:\Users\Admin\AppData\Local\Temp\Cab730F.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar7312.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7b191a54ba78a6a6482c751c45a4505
SHA1 4814f7125390db94813436b5022e72544aab88b5
SHA256 da505a2821f307c81facded124d901f034da3274b5cb2386e94883f4560c4818
SHA512 1a97329ca790b79e9bbaa4c8d96aea97316c32e0a757b180880ca1ae1b236e153ac5f223dda7eb5a1487a3370c11dc19e9ed3a39e3d38414d50f35a0e615c622

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 555bfa96e354f1e4318e591bae9789e4
SHA1 7669d77c8772ae183604db0d59fe1067e9276406
SHA256 812daa0cd0dee8a502752eb73c0a0a78e2551e1acb091a4fd4308e82d25f1cba
SHA512 00fb52935edffcd2f781a0d0f8a4bda71252ceda0fb9d20945b869bfb25ee2ec2f93a7077ee788c36443e83323e1fa0cc28f33110776eb4c7fecce4aca62e970

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b2c696fa7e7cc2f952b0b8f8b909abb
SHA1 4fd032602dd7e2af0982dbeb1350610c0fcda4be
SHA256 b8f78e01b1efbef0dd10e9e382b156c29eb50973c5c736cb5768ff2d739dc4b3
SHA512 44ead0a5203bc89deb466e4e2cf82ed9e44d4a117b714a25fac184b6d2c3435519772807e1b9d166d43bd7986005f74414c8d738ae3da1d9cbd2bd62bf40ed10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2936672b4aae9c8503b5a1103579c093
SHA1 8af3dc77a70f57d91b8cd82e92cbea68c4c4ad12
SHA256 d8119254da76c25301997e589f0e48cd5c57171bd5d03a6dc11c5a50c8aee8be
SHA512 9d1ab107522890d29c42d16154655b7da1abdf3a2c5fc643df9480f06a065d016680485e7559fbebfb7acbded8aafcc7d8ff2ac8cdd222062ebf13b75c51f844

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3cd16656683d5d2cfd4c07b8b1e4997
SHA1 fc045f3b675c0c9fdaf6e10a9010cb0a1612a61c
SHA256 be1ad02c76590407931935146b21e725b4b87fca821e3842e904106acff48796
SHA512 5449ba497b6f69242baa09c8484115557557b3e8186aa3d33eaa8f4ae1291185b91b4cf5dd92a92f84074b840d468553504e8aed7093f0d585f108148713a45b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2906dfe107367be6882c505a1a704597
SHA1 a9783417c57dbfa2838173005bcf35f82b970e58
SHA256 1d3a32a60e02eba268f00ebd2db9e712c2fc97f2677afbd8de7e2b296c5d3ed8
SHA512 55e638f84f0770ac2997492dc3ee652f8ea943e799adde126400700ddfc3cb1f4ed7df4742f4fec3039932ebab1270d3481a602608f6067e496c75d11b373b99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9de4dea62feee22acab36afdb7b37352
SHA1 e90300ba58c210c20d879addbd65132291a25932
SHA256 a2467e281db681ffdc858bb0d4ef14b4b9bbaa722ff59b031d906dd9f2e8b63a
SHA512 e649f0c13828c9aa281a62130c05f8fe755a9037224db90a11d1ee2b077a8eb54f82da6f01ca67f9818da360d48668bee3e39577aa1a3ed74a697e95e7c738b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d75892a0630650fa622087225f08705d
SHA1 6d12aaa1f57cf8ce67fa921f3897cfbbee2e2a36
SHA256 88a9fa3e0255d42312c7d03059eaaf66d857f90ac968681554c65fcc80540c60
SHA512 04f48ff49f2dbb81b8e6f02287a255d231759d953716e1d551bcf7f824c33213e4e3428c152fd82932ae9584e9d6c915d1215df32e5f5113ca0a95c32ba09f98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96e5e58dcc9bed5f765465499065b8e6
SHA1 2c8a1d9fb239b62c04a2788849d4a087c2408891
SHA256 7babcbbba1110d1ed0709a899656b8967c6339a9259de4c98037a4729df87d6c
SHA512 e291f57f3f4c9b129f7d6b697336b9871ef0831859312cef41237e9039f3b9a5817bfdf604be9c5055df87a4772a793b8ad54df05b5ae89b7ccbe4f0e0f01d96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 306e4184c69078d9036696f3c20e6fba
SHA1 8a12ea7fc4e6d007c8eb33cedb35e2f427e8b13f
SHA256 8cec26ef2b838c5f945e0ce32083b96c039b64d58f1b9d1c508831bb687eb73c
SHA512 88608707ec810e28ea77f273c2d9bca7e80f915473821fc40ec029eec7456ea2387ffe60e99a81554ad6534079e08cdcf27deb2755817e6c4135018cd6d6a4bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9b0eddfd6cfe8afe8d114f8022b27f6
SHA1 81324c527ffb9b6088051a8db43de8cb8fe85eb7
SHA256 c97b5a7d7b2eac0982559855c1e32f2240d335e793e4c153c4b23100188fc33d
SHA512 0fdac690edd6e120725275504a20b95a1a86c3358e34dd251a33a63a2258e23fe6afcaa35bc8b812c58b6212d4bdc109c5146d295138ca46adddc3cc156329c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36146b349253536a88f4076f77b25649
SHA1 88aa72fd6265b58c440ac4e9298f881be36a271a
SHA256 9d61ece5e57165cac53c66c2db7f17361fb0a98c577b6ccb301295664cdb7d61
SHA512 f34739da318ef1a391cf0cbb53045ddf2a24d8fd795c70bb4a6bbcd6ac67517e3fc2e37bbd1441de2c685f808701cdd745d9519751d4f0f7986908898ec42d4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0191957fb51d773f0f914b7acb748854
SHA1 ff1e1a8571b1e9ce4d3f023639f1776cb40bbc03
SHA256 353bf0ff3ad13cdd94f51981943e7a53acf24fa1bf362343b2ae0d5e35a4fddf
SHA512 d5d54c7746dd848cea4f2e96b14f2fc45cc9eb23861cc5dea20e60246bac894bf180b073de00c9ee6930c2814d8d61f33b88a3159c5104959f9c8759be27548d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71cd27295e453032bdaec3278723ddec
SHA1 a16016157f2a63decd030e584274c23710530829
SHA256 625a4ad706a6958c6a68488ceacf259f632e5330d47d62634074d7fcc7a0429f
SHA512 25f16fa7aa37900f9af03b940e2faf4d2398bebc8219f413e4123584e10a5fe4cf73565db2dc7a86b020eb8567d78c990999eea430590d103bdebebdd9926301

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84c0dcb169ac9737296be30e26545878
SHA1 6a1280e4b4b20222776bd09925fc69b34f32f7d8
SHA256 12fa3db18bfb3e49987de124c8d6972986a365efa4726d421ca7cf3940cc7b9a
SHA512 12f5beec3d8e80ba173fbc8227103929685573a2caac29c0513cb148f6da38438b224be6a6c0e92f4f3b53cf20b7aea5c3715eb2c43d5a9a06bae04b9c9255f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9465c09f3efaec451d78d220d1497975
SHA1 9e838446abd1a7a76dd696c2fa803c13a62739b5
SHA256 50241dfaad36966e406bc5b88fd2e4ec69c8932387616c1f9230d3386d20d9f8
SHA512 46b29eae5b5e42c22ddc90f8fe6e0f83f6f84584afea3ff4e6c3d62bca80a2959ae2dbcc306a110bf5418526e0bc1dffb8785ba89e6be9fcffeeed81e3f5a598

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f6c2a224d13be660b1d7192833f10c4
SHA1 927c9b62eb4a7b2bb22cb9277c58412fe923057f
SHA256 dfa9866e8ca246dffb9ea9110e995c092320db1e884f1b39d1b0c94f2a843fd7
SHA512 de632fabef03bd7a8f7d6a075d74bd594050b11db322a012bcf0015fbfec90f7da5df2d9a70c032e9e4580f46f36d227fa1d30b28a24bba8a84740dbcdb3627d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb01472a8dbf7c1a11691959cc551911
SHA1 bfa0d577d9422d7b2736acf1fbe5a7d7efcac5e7
SHA256 f06ba7511087d82cdb69a388ee8a039a3d3465ccec1dc49895eb8cc69885e374
SHA512 60be194fe4c18a73a20ca6305f86dab9ff029213ba6a52c7440a18ba91c3c435c4da92322f68deefbeb5812bc9c518ebffe66565340f0b7c9b0870d87b6556c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 460d97366399221fddc31ac76b56c31a
SHA1 ac2736eee6913e4b1e45dd78bfc1631d88f1acc4
SHA256 30309d6105a27c9c74966b611f2412279363102a0edc93337c4e072edce9497d
SHA512 309a3362caf842972c08f2d32718d93d458171fded87a8058a726931e84c4bcaca41461c8a0b732fe6d31a7d7fdd88d4f0518de590a4083a75b779ed2298b8e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb12247d46dace839817b27104e87c45
SHA1 b76f843ede31de4840d6998219bf470c1909114c
SHA256 232bc21baa5d0f9991723b9b14498a784b7f7cc96668f9f62e05e724f09a2764
SHA512 da283b2e873bfec1f539e36ed776711b41f3891c7ffe0ad4a91941d08de046d52ca382b097d11549782150df8461dab7fd5a3985dd41844f615ca661c5194c27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4aaca3de51f18cde35311c7e916e4f3d
SHA1 85792c96df0291103668223985d307ff4474195a
SHA256 71c6a233f281ba3571188aca49d8ebc36c9ce8501e46700c4debcc97b793504d
SHA512 e00db8dca242029b0488be013b16ff00374f60d843431a6ee45bba2214414aa05ad32facbc3a0efd07c92524d282ec960aae9682fc03efe11bfe2d3249a6f3ed

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 23:06

Reported

2024-06-12 23:08

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d8db437d6efac2376ba98436b50f25_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4476 wrote to memory of 752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d8db437d6efac2376ba98436b50f25_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed0ef46f8,0x7ffed0ef4708,0x7ffed0ef4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9435122108082700806,864075218535537715,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9435122108082700806,864075218535537715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9435122108082700806,864075218535537715,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9435122108082700806,864075218535537715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9435122108082700806,864075218535537715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9435122108082700806,864075218535537715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9435122108082700806,864075218535537715,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5108 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ylx-4.com udp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
SK 185.66.200.221:445 ylx-4.com tcp
GB 142.250.178.9:443 www.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.200.14:443 apis.google.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
GB 142.250.178.9:443 resources.blogblog.com udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 9.24.18.2.in-addr.arpa udp
BE 2.17.196.137:443 www.bing.com tcp
US 8.8.8.8:53 137.196.17.2.in-addr.arpa udp
BE 2.17.196.137:443 www.bing.com tcp
US 8.8.8.8:53 ylx-4.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 s10.histats.com udp
US 104.20.18.71:80 s10.histats.com tcp
GB 142.250.180.1:445 1.bp.blogspot.com tcp
US 8.8.8.8:53 s4.histats.com udp
CA 54.39.156.32:443 s4.histats.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.180.1:139 1.bp.blogspot.com tcp
US 8.8.8.8:53 71.18.20.104.in-addr.arpa udp
US 8.8.8.8:53 32.156.39.54.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.180.1:445 3.bp.blogspot.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.180.1:139 3.bp.blogspot.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.180.1:445 4.bp.blogspot.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.180.1:139 4.bp.blogspot.com tcp
GB 142.250.180.1:445 4.bp.blogspot.com tcp
GB 142.250.180.1:139 4.bp.blogspot.com tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
GB 142.250.180.1:445 4.bp.blogspot.com tcp
GB 142.250.180.1:139 4.bp.blogspot.com tcp
GB 142.250.180.1:445 4.bp.blogspot.com tcp
GB 142.250.180.1:139 4.bp.blogspot.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3a09f853479af373691d131247040276
SHA1 1b6f098e04da87e9cf2d3284943ec2144f36ac04
SHA256 a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
SHA512 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

\??\pipe\LOCAL\crashpad_4476_KZHZVSZFSVAXFJDO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 db9081c34e133c32d02f593df88f047a
SHA1 a0da007c14fd0591091924edc44bee90456700c6
SHA256 c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
SHA512 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ca8ef4b8535f163d5f3f7d43a7a8239d
SHA1 9c84b76634d439bc95b044a5cab449283af6bb14
SHA256 226ad8f1448cfbd139d20abe39fd11cf7aaad63bd1983e0cc550c68b6ea5e161
SHA512 ca31b17a6f6cc586b4a7abe294bd22b52fa565f303a6c24f4db59bb46b8f478ad27f7b253685520bfbacf779e21f7838b95e9ff3f9adc4c6ac288a5a566e5c03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 610a65ba4f81b5c54def21c9609910ff
SHA1 5d43e2882b4afd49208a9b8c4030b2268c0c2f1f
SHA256 070e3383007b7c7b8fa42971ce0808fdc81926608f0dada83d822fee824d05bb
SHA512 87e83550df5fea9670e252775177e767244e32eae571790c20886c0b954ec17b56dae809f83956eab52c67b98100db6e61be3972a8baecfd7b2fb4edf589e64b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f6e57ec45a4292fddfb8529f97060a2e
SHA1 e5a200d3ed4bf67084db2efeb677b1fb442d2669
SHA256 cb46bed2de36167e4283e32e3c0683be22afd9b4be55de96ddff3f72ba6ecdbd
SHA512 6e470912ffd83be0490df71381270e0738252e0abcbf5ef00b6221b11149bbe2921318b9111adc21ba517db91b157808e9895b906812391fe8b17726eee54d34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c056563ae334ef7355e99da45f42ad98
SHA1 9b6d4a06fd3c06ef4fb3b677eb50e32e9651fb7b
SHA256 466963f3f0e189620ddac461b9708dc185501dc58203dc15a29352ff5aa0f851
SHA512 eef0e8b588ebb12853115a35d7765738c48a0adf6b35ff0ead37f375f3618c90fc9ac76dbd07aa98b8002abec7c5b468364bebbdd0139cc2f9adfb9a8d793664

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1d2f5baa9c573e0d30a1c79dc9d5681f
SHA1 0456cc471afccecc4397b0d227ad65d554e21bc6
SHA256 c9b27cf2d8ad045c6c5e28b6905cefa8dc8007a717fb5e511c9e317ad51307d0
SHA512 b357ca5131f116ae90ce888bd4a9221198d8e90371591648a10ac58396aa448a3dcbf2d1496cea363e694bd1fed5efaa675698b808b8808bbcd87e38bfb65aff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\02868cf7-7ebe-48b9-be71-6c40d7fec2fc.tmp

MD5 d1d3f2979c887173824a3f616638a0b4
SHA1 c3183218b844fb8a5e6b7dbc0b855098a7c82d8c
SHA256 8d17332da2d8f0223bbf77190a2cc33df9e2dff3c36c3cbecc71045ceccfbc7f
SHA512 cf2721d3be7205835b1f617e9f7b8ca796041c28c693ed3887a435a514d23a352f9af72e56da93ed909755e51cf0a790077cf36fa61588342a3635d5bf0965eb