Malware Analysis Report

2025-04-14 03:22

Sample ID 240612-t2dlka1gpd
Target a1586578f46d5d4e70fa5e992cfee25f_JaffaCakes118
SHA256 b203ac4ff7c8f426ef750c4c86225375bdf2463be04e9954d1aa0152b6069699
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

b203ac4ff7c8f426ef750c4c86225375bdf2463be04e9954d1aa0152b6069699

Threat Level: No (potentially) malicious behavior was detected

The file a1586578f46d5d4e70fa5e992cfee25f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 16:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 16:32

Reported

2024-06-12 16:35

Platform

win7-20240220-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1586578f46d5d4e70fa5e992cfee25f_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dd7d3301fe06c4699f0051b57d470f7000000000200000000001066000000010000200000004a1c50a1f8da973f1d82ddc30a5656f5171e4b00cf19795f4f17d09a51abb6c1000000000e8000000002000020000000e78beb8ce6a6c182f833e534eedf2d2ad59838dbd0505568554279675bf8cf9220000000f9b686e141f9c9651329f70d8cf0d5f4a927aba7705929a497f196c7f7b5628f4000000037bd52ef53dd559fb3ca11020b95d3f1786852aaf025c97adf7678e9942d6d8fb9dcb099f0833ab93f688696a742664945f34f2c700dfeec861a751769871a99 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dd7d3301fe06c4699f0051b57d470f7000000000200000000001066000000010000200000002e9119defdeca432d61c80dd9380843c37a1c601f69bf005e56900d0c721d67e000000000e8000000002000020000000de9cc477482374a03577979830d1c13cd26a92bf1efe9c146ad3895ee5913bf590000000c900de694442c84bf382b9c3c74641087d50b88cbf0c3727809de42c57e7fe34323b1dae0641ca0f6c5aafca3daebe05d2584e62093d41a1c18bc1d17cf3aa10aed5dfa90d6d5a50ecba257e1bd99cc11406b4291ce88a46b6b6db3ab716dae006729cecf6d9391f0f90e93b0cb4b0b1dbe727157af7d498c073b7e941ff3f27faaf5b497a05c89af9542cf13540cbda4000000071b120698806d96ceb0c52891309882f8fc5e46fdeb95b394720256d33243c2de66d966e1ab1a803ddf281bf3f0f0d35ddc238b5a33f1a6e712890a5937a0739 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424371839" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0fb3257e6bcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6964BA71-28D9-11EF-8B56-EE69C2CE6029} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1586578f46d5d4e70fa5e992cfee25f_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1620 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 razgovorchik.ru udp
US 8.8.8.8:53 masterhost.ru udp
RU 90.156.132.125:80 masterhost.ru tcp
RU 90.156.132.125:80 masterhost.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
US 8.8.8.8:53 ads.serveuser.com udp
US 8.8.8.8:53 dd.cb.b0.a1.top.list.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 90.156.132.125:443 masterhost.ru tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
RU 88.212.202.52:80 counter.yadro.ru tcp
RU 88.212.202.52:80 counter.yadro.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
RU 88.212.202.52:443 counter.yadro.ru tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 90.156.132.125:443 masterhost.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab12A8.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar12FB.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6eb38bb7a30e3b82daeed7a28a87c5a
SHA1 1cd0d99138b3f5115ce61a1450e4689b812232da
SHA256 a4addba0684a77c123ca42e57f734cb35a762a3065dc31c20cb933002a780ee3
SHA512 5772a8ddf5eb1dbe582bb816e15f9cb59fee5f543696a402777fb6d9074df295eab843cb1f08609da0765dd8d8552c203b9e3f0bd4f09f8bee42c27d02b66b60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 299a479abf797468d6c1452ca88fe3b3
SHA1 aaf48f1e5660cde107cedbf87e3305a8c8b0042d
SHA256 1ef2f630f618c43ac146d642a4c34d06f98b05e7fd6c13e778e6c7a38ee24014
SHA512 4907aa6b71db4e399d2e525ba5c5c3ae174f0a12939ed6daf896a5b1f61277c8705035c438bff891d761d2af43ad9b65624e9de7234faa3bc91975b21b001436

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5229e21b26389b5c75875140420cf85f
SHA1 b6b33fd173ee6ecffaf903e1a6b9bd5b184dd7e2
SHA256 e0dcae5f93b6b4025a76b4473d20b8e36bdeea354f4345f463635f08faa24662
SHA512 b23e86457662e3bb71e3c8db638d201cf4bd0bd5a8af7f63df7a709478cc97f4d4164c29b9ae765d16e276f5ecb43320b96eb04edb2f92fedcda3afcdfbd1086

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4384c467547a68c75ba9bd4a867802ba
SHA1 90cadcaca7dfa3d48e816ea419febd15390235f1
SHA256 b04e791afb1323cd5a80a497e30a0a1444fb4928105a090bd91462c69df1beae
SHA512 94ee7774c98bdd9b9f8223405da3333886e22e2ab0afd13c9e8f5e0af95f78dd6ee5a1adaf36b574d13beb539e57087ff6827a266f67a65697ac55e6001f6dd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acd48f53e597ea23120af14e3a7f8b3b
SHA1 f475fed671e46cd3b53ac632f1ba3de6109c3512
SHA256 af65676b664cd218a8c41b0635634c12d68a678ee2e0c387d1fb27652f3d9b65
SHA512 1d3c2bbb80ef219e707b4e74e1b95d6e1a4ceb199ff6f3749b4219993b96a7c2c6e47a809a9edf87070cbd3391a20fac36e96f58fef64a7e009b349241e0db1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6649c6416b57cdf9865fceaca2f5affb
SHA1 17d23ba9f5a77804051b5f0eb8de9a3b5365bdcb
SHA256 4c6808c8dfa2bd31f33a93f31f222af9d379f8af884a77e460915bdda9b5a654
SHA512 d292b59556480d1975bfb4334e890be08a159a2325d57f844c1611f1305f05477b5aa34e7e7f32be5f6734b76abac21ec314e44c178a24c61a75aa90d83dae78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8813cfa0a8d0ab9da0067a2a6e681b9d
SHA1 597019bf67da11db4a2af532006c44e4968a1e88
SHA256 03b00b4df67b534021def9dfbb3578e9d0ff470a39ce3f8d6afacea0f9152e22
SHA512 29963e26dc9aa1b0dfa2c94db53adb38bf945a43c36b9da4eaece7988cbff6d6e8eca88f071197ecd7a526042c39644074fe0ca39074b889ba91d5233b4a3561

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a6735ef3b45653ab87e9a00b2a08c33
SHA1 976f20036df946a06368119782200bd12a607b61
SHA256 4ad76d1421ef382d6ef0106dd5987e5e2d736364264eea64d215dddb2d27245e
SHA512 30914861265353c5f784216fcd0b3ffe8742686a5d52d5c950cec4ed50d79affb40c51f6f8b9e28e762756dd02ae54f7643e6287d898b87bf1a82cea67267822

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 94cb4a0415749e1f7c4899e1c104b6b7
SHA1 d3a95848cea1283301e52dc1d40ee48858b67e65
SHA256 821cb23c85432519cc595150d76448e4ff4c50781389c81675d222a02a66fed9
SHA512 89f71d66b0fe28977d4302d14b7da1bbd5226aeccd8ceec91cec6c16653da8edf7d1624ae15a6691c7e8968f17201e1b63c1610aad449c3a481095454ae3a040

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82955a665000567e81ade91f75695dcc
SHA1 40d08411f17b54c6a9840cf4395ad438108c025a
SHA256 04a858fb89f6ec0eb8714d61e8345e97be928552a4f0bce14e90c93db7d9544c
SHA512 d94805844f8798086d4a1da805a67e3b23de75b6901c884d4dc2a205f84cc045d92abd7862d51b25e24d5f6010cebb7d75d4886f4705f948e412726c87392c0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83762ef84a0b628f5f74ac17eaa92caf
SHA1 51bf3e41e9c9ecfeade37b8edbbef5f42032d71e
SHA256 21895298229ebd872b6283af448f5c011534015e2b717fbaec0a94c541c9a43e
SHA512 8b4f157c4557d99a559ed17d706f020b23b31e938b09dc3815f3505d7e798900d635c4e43a0b98d3735f2605ae209bb6d28b068d88ec9ef1687b4dace20f0557

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 811ccbc42981ab0b9a31a24fe25f9afc
SHA1 59aa32e74a7fa9ec74cf642e5f08042d048f69dd
SHA256 138ad3ce0363c4a85d72e8497b676324697027024e728d1c83ff5cd4512250f0
SHA512 bee49dfadf89ffe1250a24c74535a62413227ff5c4e528c1dff4963c630a173c8f2bb8473b4ef4a77b0262390c534a9ec6318dbe569767f065a722c7725db0ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6209045f55e9c93e0dc14ec125faff69
SHA1 339d0496ea8ef992dce6de5e8e84e776ad036613
SHA256 0b3ffc2c8a62fd24953894d3218114f287dd52637e28e59d3bd4489a55d51f6c
SHA512 931f1fbf5912571ba3e4e8d28fab9773ce5504873d51803f121f02562083229ae3096fb214d8e3205e139af08e87a981606afee27f10ff81c4b6ecd519152212

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ee1faed9c24294b4c2069f27fea1dc1
SHA1 c8fdd79f5e21bb633197c07bd0317fafbe0ff09e
SHA256 f01e4ae2afbbca97508c4c47658ecaa37aa97102853e0ad1433b4600289507c1
SHA512 783c98d48fd37ba8a126ba444a3437db3d17a4d3ede5a5fb8ab772eceb0e533f7952a080ed40bc77b4e65de19b918a6c223ac11fd7573e056832f921408cdd17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5c2280176d87db667e3f92744f5948e
SHA1 b0e409bd996b246abccf746632773533f4626a2b
SHA256 797f6afe024c1513e839b277c839a9bb929013d4d098f02d4222f435852c0b51
SHA512 eacc23e51a73145e803e8770268e0d5e774857a98ed146db5f2981ce25552b92dc6da2480beeca0537cba809b4ce415e0642b150c46da6d2c9a2f6363b9839f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba5401004a618c96d42fc6f15f5d57b0
SHA1 0ade08e5c3171499c8c1dd71f63affe09c1ec3ab
SHA256 804023f4f29b82a40d0e276d150739a38bdd61c6a06fb8b51991d14629c50882
SHA512 7460bc108f2f244f20d201d0f0d1ac46e42a638e84a33296f30a9dc000f198e9231ebcc2ac7947c5bced2ae5149affae5e610adf547e129c18fd424de99f50e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6ffb155a7ce140915aa836cda042c03
SHA1 3990ff0494fd91de01dbd5085c9120e7b3fe707a
SHA256 b44240a25dde044fcd497995979c14fc7dad03ca474b190114d7e0682095f26f
SHA512 6479862d60171631ee19e7848fa03eb8976976e498607cf01a1144b4b13f5a120751882d00d6c1a7811a946e636d75d3e3cd1102fb5a9e1c720a77ec8914069c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11c634f07ef0741bc8112e2458c14cc4
SHA1 3740d3d898f6b95dc7d41266169800ff17c42d78
SHA256 3a774cbeff4acbdb04198ca029ea6297f9a0f94ab6c7ed6d477ead57cc61eca1
SHA512 4bc869e72c4b20f1c2040a0f2eb16a30675746e1e5d2c02ac1298d03c5ee0ba11ca0d702a8b170b2c1017ec25d52071c90fbef3300e85037d36dfaca67be29a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b2aa0606ec33ef0f053cdddd655c6f7
SHA1 b2b17b14a90a985d385780d2ec450ee6b095350b
SHA256 85b39201d97ca6727079f3201652a34b7ef0f9b43a38719f2de148568104e11b
SHA512 5b501a10886bed67ec84bcb035e933895ab0c9111724d321a012cb0188a6f302ffb62837dd18ed565261e303a741e450109ecafea9c3d718ab73a1bda606061a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66ff9a23e9382c400be22a379254a9c5
SHA1 341c6fa97ee2bb71d0d20d2d080aad7b1e99b267
SHA256 4a19fbfd6be6efcf1d07ac86f87b0bdb1022b6fddb00360a4a373e57fae77a07
SHA512 6c9865f819cf1b15cba999a87b351971bf62a3c6082f21ae436e5cd94781c4c49211b3d466dd2a86916560dc5f5cdf32709e75dc9aa16891975d0ec5422288ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee9a6e2a509c55446f997a7009eef981
SHA1 938d47655bcd49464679a707f808aeb57c286880
SHA256 ec285a3e560e4dd1dc2fff9fff182032ca73071f6fea1c3cdb2b39fc30a27219
SHA512 05dc8630abfeba097cd7db206ace33c0db928f487b6193c41982adde9618c4e2d77f6af15ed53b03646a0457f748805d8169c1a4796ce1021f95a9fe2af08227

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd9156e53b35d50f217c6b8e62b6e6ee
SHA1 c1f24960386d8c3791f740b3649d9313175598ee
SHA256 8c71c4644368ea6ea8a9f5ef25f4cd4825cbd97c16bf0bb63b85713873f790b7
SHA512 c9ea9be026d152e026ca6396674fa45f48fb0c5f3995514c637d4272f01d66cb08249f2addad77905915942f693089ab5ccb9f29a8492c8ff673d0bb0c0fa7ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2a9aa21e6e0307d7b770c2ee0827ef2
SHA1 fb6a2dc3f699fde0adf6cf4f00d99ff24bc8ba43
SHA256 db2a4a0b9e5fedf43c63406b817e218a71b122bb9436318900ca80582f29612f
SHA512 9f169f1f756f7ee65c6635038167151a2dff06513367130fa1fd66bf226f29e56437985b1dcc2edc64dd1fe2ba7f00ff9769b3ce37ff60e1d328ea4430238cea

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 16:32

Reported

2024-06-12 16:35

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1586578f46d5d4e70fa5e992cfee25f_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 636 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1586578f46d5d4e70fa5e992cfee25f_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdd4c46f8,0x7ffcdd4c4708,0x7ffcdd4c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 razgovorchik.ru udp
US 8.8.8.8:53 ads.serveuser.com udp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
US 8.8.8.8:53 bs.yandex.ru udp
RU 93.158.134.90:445 bs.yandex.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
US 8.8.8.8:53 masterhost.ru udp
RU 31.31.205.163:80 razgovorchik.ru tcp
US 8.8.8.8:53 dd.cb.b0.a1.top.list.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.204:80 counter.yadro.ru tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
RU 90.156.132.125:80 masterhost.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
RU 90.156.132.125:443 masterhost.ru tcp
RU 88.212.201.204:443 counter.yadro.ru tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 g.bing.com udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 163.205.31.31.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 204.201.212.88.in-addr.arpa udp
US 8.8.8.8:53 67.52.163.95.in-addr.arpa udp
US 8.8.8.8:53 125.132.156.90.in-addr.arpa udp
NL 23.62.61.89:443 www.bing.com tcp
RU 77.88.21.90:445 bs.yandex.ru tcp
RU 213.180.204.90:445 bs.yandex.ru tcp
RU 87.250.250.90:445 bs.yandex.ru tcp
RU 213.180.193.90:445 bs.yandex.ru tcp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 89.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 bs.yandex.ru udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.250.119:445 mc.yandex.ru tcp
RU 77.88.21.119:445 mc.yandex.ru tcp
RU 93.158.134.119:445 mc.yandex.ru tcp
RU 87.250.251.119:445 mc.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3a09f853479af373691d131247040276
SHA1 1b6f098e04da87e9cf2d3284943ec2144f36ac04
SHA256 a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
SHA512 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 db9081c34e133c32d02f593df88f047a
SHA1 a0da007c14fd0591091924edc44bee90456700c6
SHA256 c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
SHA512 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 abb390875eabb3e110ee427b4b1f6ab6
SHA1 892f9a7691e314696dad5921a925587673618d2e
SHA256 9bfe2f8bf268854144fea3409c0dd544647cd3c6eac3c58323e5aa160fda04ed
SHA512 f61030a56de81efc73c7403d2f8ec5c7f7d10a45e4b3bb0c59e63185e7160a5ab7ad00e9fcac7f42a0ac70f4eeb81ade70db5e33d588e4c86942bfd653cbbd62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e0798f802e2c979725ded58c308da88c
SHA1 1cae0fec4e3eccf1c17ab08dd0936fde18ff747d
SHA256 80195426348920df0a8303a5a3ec1606d5e1244968225ea00b08a0ff73375e8c
SHA512 bf3fdcb595766982be5aa1a2fbb3079bfec7fdf8eb3d513cef1a30cd513d9aababe7a23cac63b7f42ee473ab5dfae5ebea9900c8b7f2413ff718ec7168987d76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 360c168d10683677d75a6c18e1d0580d
SHA1 efeebf9e1ff7c0d07eb44d4009ca5716f4ea4318
SHA256 91d75df1290cf0992b2026f0f784b6e1aa038669728f37c5a657ea3db161e8d1
SHA512 801dac3f1e41ffba7523515ae53d3655cb7927649901f45abf2e205fb28ebbaea49fedc291c9c01ad88f500c6e707383e02abb5d4f1d40d8862152936017025f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bff6142718b663ecd8ff26db3003f747
SHA1 6c4d2a3d5118d405859b94d5e6c5db1dd182932c
SHA256 1f98b8c8adb5c2d5daa96b5eb9e23491a9cd7d9b5ebef2d2329647b21b364935
SHA512 cc78ad6c9a4d3b349df545bdc7ee7648086d19f50769e356f9f999ec68edbc673730bb7c4c825068273fdf31d1220d70c646733f7bb47e5c33ef02e78d06d1e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 84b28e8ffed9fa0b8f6a91b5b31b308d
SHA1 efaf4dff37c34966c481eef0caf7dacee9e2a78c
SHA256 cf81f066b1ba1e869f5551bbc61c497d91035e2afcb750c3e63d5c7644b0b29c
SHA512 a838f81d13c5ecf02aedcdc60159f4b3f6e22e1f14c566ee3b2765e5645fe0eebabe24124ac018ea64986261c904e5bb50512708babe39bde76d7a5ab9280ea9