Analysis Overview
SHA256
31f24e362237b1a1ebe302a486fcf4caa2728643e2385faa3e346cddf4bb4daa
Threat Level: No (potentially) malicious behavior was detected
The file a11a93f9e549180a0dc586916a2cdbec_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer Phishing Filter
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 15:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 15:10
Reported
2024-06-12 15:12
Platform
win7-20240221-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = c078db9fdabcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000020154e39d113a64eb85e8ea5957207a5000000000200000000001066000000010000200000004a1515c4580062bdc6d3ea161d0ba29d444cf485945aca9085bfa95a14279adb000000000e8000000002000020000000a08db503fbdaa1667251aaa27f33306f9fddd326f919da6dc97ee5bcdd5399fb200000007b82199ec4273aca0ff896cfc385a7dfda93fdd082bd8ae12a1be5fc33009db3400000005e43c8801b44f090ff5de486c5b431908be2288fd6f181bce378bbf552caf9b8c784fc66f9af2e9d6fcb24a52e04452c720388677a879badbd160b8fc14d974f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80caeeb1dabcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DB387DF1-28CD-11EF-8356-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not captured) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424366876" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2972 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2972 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2972 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2972 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11a93f9e549180a0dc586916a2cdbec_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| US | 18.172.112.90:80 | static.mackeeper.com | tcp |
| US | 8.8.8.8:53 | mackeeperapp.mackeeper.com | udp |
| US | 54.225.68.202:443 | mackeeperapp.mackeeper.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 13.224.191.223:80 | ocsp.r2m03.amazontrust.com | tcp |
| DE | 18.245.65.219:80 | ocsp.r2m03.amazontrust.com | tcp |
| FR | 13.249.8.192:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | assets.kromtech.net | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | event.mackeeper.com | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 18.244.18.41:443 | event.mackeeper.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\cookie[1].htm
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
C:\Users\Admin\AppData\Local\Temp\Cab13A0.tmp
C:\Users\Admin\AppData\Local\Temp\Tar13B6.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar14BA.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 15:10
Reported
2024-06-12 15:12
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11a93f9e549180a0dc586916a2cdbec_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4304 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_1232_OJGMLMZURXVOQRXE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 39dafdb3629b16fef576fbaba1315581 |
| SHA1 | 5db85a3269cc9fd3c0f2ed2841b9f7228332c953 |
| SHA256 | 3202f252ba84a012d05a2b5864e0abbaf7feecabc14cd07b5a0f946985f63c72 |
| SHA512 | 20dd6500459e494985b546a9a8c4cba3888fd7d66982376712ada288a8d6ef336c26f1bb91f02d69aee1c6a47dfe92d36547082bfff6319d118e755a17f9b6b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bc6d7f55095e6fef6170e3131bc9eed7 |
| SHA1 | d14ab8e8ec2d939facee8de9883f7dd09fe8f031 |
| SHA256 | b558708ec4118a476986993b370cf87233cfeb1ccc9ea98f6fc4bdb33bdbf4fc |
| SHA512 | c2736d4284e5781a4cadc5fbd9833468a4efc4df45bdf2d8c9133a5990a3e7957ad12c9106ceaccb0342a832b0de35dc8b3359242ee99eeef0b057b8984dc2d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c6580e0978c8f794ff3955f47c704aa5 |
| SHA1 | b724d9155a72c348d2599d896257d28b4592d9b5 |
| SHA256 | 72ca03a53462f152478a07bb125a5fc80fe6b6b224db93437352b080603b4aa5 |
| SHA512 | a72ef27494720a80e94d06ca5b64e5b69128293cb77741c8b595bbbd8753e28a5f14e7754e6171eb4cacd95c2cf736a62926ecb1541a5f1ae1cd452f1a8b795a |