Malware Analysis Report

2025-01-18 02:23

Sample ID 240613-bj2lkascqk
Target a34eef585de492f96d2553f4c0202a17_JaffaCakes118
SHA256 4f70dfa551aac1951633dae6691c137d896b95bd6a036a3c27f780bd4923e702
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

4f70dfa551aac1951633dae6691c137d896b95bd6a036a3c27f780bd4923e702

Threat Level: No (potentially) malicious behavior was detected

The file a34eef585de492f96d2553f4c0202a17_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 01:11

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 01:11

Reported

2024-06-13 01:13

Platform

win7-20240221-en

Max time kernel

137s

Max time network

126s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a34eef585de492f96d2553f4c0202a17_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424402943" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c252da682cc1934c9cd2f57cee5a31a80000000002000000000010660000000100002000000017ec348fb5fe55abb68b586ed10e24e5fd4414defe1d36989be92d2adba92660000000000e8000000002000020000000f561a4c1618d597e6f2d9653ca6590edd763ee625b134b3355e668a2e7433126900000006a2bc5637878eee0e99d6c437a8441b9f2403595d2ecef8e1828cd144bf0f4ca22dd36545ffc38be09fd1df2c6c35aed3f8acfbe39d9762c6d86eacf2456c7b8c43f9fedd81bbac3544cd3b13bb96dd87ab89e2d7e8b7d3ad93e32bdaf86ec327a1ec99dde50feb41b2f4456484aac39ab16bf8e243ff34fbd0b261d3823f419082b35f7e44d0791767c9ea70eab915840000000d11ea5742e4e367e3b1342d8888c57728330d22ff5a884b94a16fe532e08ef5c204401fcea1c66a25b970309abe8d717095b82f192137015974ecbced6082d20 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D4E14781-2921-11EF-83C2-E25BC60B6402} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e06b25e92ebdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c252da682cc1934c9cd2f57cee5a31a800000000020000000000106600000001000020000000cdcad02a1d84192ca6d75da66facdb469b631847310b7e69237fb2514b296cfa000000000e800000000200002000000066ab400e3db040d32bb037abf9da3f1b4652a13d3633381848694a56e34f1fd62000000014f6f3151e54eea76c4b5c1fac5ec5bf277c9e3b7d21a42fc4d6f9ea999f3c34400000000b46f9150e00f1a97611334b4608513bb5dbd92627c0bb0cc6c28102ab923fc26cc01672e24446195ae1fba38d19ce602a26b94bf6d51bb432f39633e179873b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a34eef585de492f96d2553f4c0202a17_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.canadianhuntingdogs.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 allfontshere.press udp
US 8.8.8.8:53 coinhive.com udp
US 151.101.66.137:80 code.jquery.com tcp
US 151.101.66.137:80 code.jquery.com tcp
US 104.18.10.207:80 maxcdn.bootstrapcdn.com tcp
US 104.18.10.207:80 maxcdn.bootstrapcdn.com tcp
US 172.67.165.117:443 coinhive.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
US 172.67.165.117:443 coinhive.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
US 15.197.192.55:80 allfontshere.press tcp
US 15.197.192.55:80 allfontshere.press tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
NL 212.32.237.92:80 www.canadianhuntingdogs.com tcp
US 104.18.10.207:80 maxcdn.bootstrapcdn.com tcp
US 104.18.10.207:80 maxcdn.bootstrapcdn.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4917bd60e104df67fc8d0d2870b2b439
SHA1 317bded9bc3756e716876e925e51618811754def
SHA256 9ad59ea8e30769081f5f15a3ff614fb80bc48462531da56c3bc72672660ec8dc
SHA512 6cc9f95f69e10b9ded8ce23e9e63b8a94f240c990b0b89b6eda14904c9778cf586d92ee5206ca9736748804c1e23e201cfa62cbcf6d44a89c4d97614035d01c7

C:\Users\Admin\AppData\Local\Temp\Tar1DCF.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab1DCD.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1F6C.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a9a46ae5605eb63acc9d0a514a82537a
SHA1 ae5976f5b6ab119ada104c98d1e39876b3e605b3
SHA256 76dbf49b50a57effab1882cb58e441e592f3f5e169745484a59b394a0912b199
SHA512 74c052ea3e12632b10290c2e693ff1ff82db8619010e4dc87a1b5d59421407938758cbd59bbe2f0bf4d1a21585dd442f8340f2e5b6e66cdda4667c3f52e480e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b53b61dcc62666f47bdf763776947fab
SHA1 7f12cfa2da2740aa4794ad76f58b744b956e24cc
SHA256 96d57da3c44d36553486d4d5cb17ee7c9895a6c620f43dd76e676df54c0716a6
SHA512 a9100f0e6ac73b53cf1ba791205abca4b30cd610945231d0ef4de141ede8fda2195dbd14dacb92ae087a97675ec1f20cc3a28c21344b8cfd711449b9edc59991

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 497440a8353dd869b0aeeee0989b0a46
SHA1 e451d2de22d1da7fd6ce5733c52cfb31cc64409e
SHA256 5815c3f6ee096062deaab9e9357c65ae297992fd694d3e8e853b56eb5c74c71c
SHA512 a4302d7153703d9920347f4faa0bf33891e4f51ef905f60df571cf2e9f236b48703f2f326487b015ac73165127fc484987a1cbe71443c648d14bba5da587f3d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fce769fd15a029112e9dc56195c173cb
SHA1 73d3a3a0d0272b09754e02a7b1dc6e6c467229cc
SHA256 ee610433f7317004ef14386244feee696de5b03828fefc0e30205b1cbd69c079
SHA512 f17611f7297063c23e344e20ed8e93991d5c2e7c4994a8f6368e235bff62cb139c61ca4ba05f36ef2a82efa5f3a89e567a58dcab745dce6bfd4c3877712ca727

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2115d53b002b3247949056d72edb79a
SHA1 bcfd2c3fd28f2a7a3d97a2d6c504910d53f9f696
SHA256 3ef9677a65e8b2dbf2834798215a56709f15a8c9a23881048028761671fd8c43
SHA512 56f2f74cf7fc37e47d9e4c7b0cc5d6005dd7f36534a86bbbd17b114152e2f6a3d07abf08cea58f74200bf67c234b7ac1788b0ca288cad1e11e2fa0058bf35d9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a81185ffc0acfcf623e7c711b851bc02
SHA1 d772dca82b7c1fc6cb8190dc7de0bb77ca8c097d
SHA256 6f2560204755ee18597bd977784d2f37fba365825ab40a49e10e44cae8076ebc
SHA512 34354dbdd8c79ece93cadd08c8697552588bdde24437ba3d5b52e07f703d8c88add0bd431c272aa0d5f4c549968e0026875fa8245bbeefafcb14664cfe5cc9e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2914b53d0e24a21052e1c2b0fdf0bd48
SHA1 85695cda1448f150d9dc2b08cefc56ea43a847da
SHA256 eb5b1a8bde47091c8d104dea9153ba7192f8c26734363c365b5b1f6580b28681
SHA512 81d5d17eed95d76203f6d3ae29a2f2c2290ebbf818370bee508bcf2d6e4b30e7f1491436b51d61a1814f2dde24b0a9a9600e21f0a2b804a9a7283a7513383cb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 c250ad1e1dfd4274c4a2843f03b47911
SHA1 0f1e7a2f58524d1aac60d42b4ce831edf6d0fdc5
SHA256 e2d46412cffda14c0474a6786d738a89f77fb251f79611f8afd42225b581fc0c
SHA512 2111494234bfc8fa2ddf8ff0e195633f3b14441ce76ff2dda37baed4a01516121d780e67bf89f68a00abef4e853b009e8869dc5ee0178daefa98a8087f0070c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e0ef08ed171c09407802a629805100f
SHA1 7ae641db798483f689cbd954ba2217f8dd9cad44
SHA256 4b6cd75ae37886f98d0038a677b57f91018e4fd1debaa1645908cff7d0c7b5e8
SHA512 f83cd937861928bbdcc11f833089fa99bb7e85987e4c1ae329a3c40cc73a2d443c218e03bebf988b027cbe19704d0c7a33c9342e5eb589752ff85433f954a34b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35575f007702394219588f6744fe53cb
SHA1 77f12fbadd068e504ca9096dc9bd06199109a03e
SHA256 b559034ceedbada1d90564cc68399803e10d9edd4cdfdc2d5926b090b59497e0
SHA512 a8e4ce543a853a6f097eadc5f0ce02f3270d2bc62c1d57b4575f98f48baba829f9acbd15c043ce73ce3e2f370889554c863168c6e00ee729546ab275c5b5cb4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7defb9a09349a873eed84292714d61a8
SHA1 296cd0107318ff4fb1cb54eab6a73a5a4dc2e8d5
SHA256 4356cca06d7c3b4a0a6e9d6bc366f9456b6c298ac451ee97aa409c497e2c0b3d
SHA512 5651dd78e4b9d3b2a5dd62ea35232d3c3dfd972da8b535cde05784e4d358843b415f971fe3dd17fa39db244905ac9fc1f1e415af355e34d447c9fa29398a36d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd9cfa3d8f4d985c5db4ba406b2a62df
SHA1 b206bf41f6bf806f01c5ed6bc968e58af4f0b71d
SHA256 dddf58d963262a38cf41259b51d3d03ecc24fcac3b83d7124924b7ea2e1c41f9
SHA512 6d3517485b57cd66b27e692447e5d262aacf73c24152303b638b2c702a59d8ebe18863c561c86b5705be327c2873e24085dc112c08a497b3b85f2f181533b0eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb6149152a5311ec2ae8261222f19608
SHA1 6d1c3e1f10f5a414d2323ae9a95a9713d86d7f7c
SHA256 14de0c42069b46a3c7c47b5dfb80b32628d7c9eabe07d9091d28a88515197cd6
SHA512 8642b0adf6cf5c468cf271b7de24ad9484156cccfd69ab2a329f4b0ac0ec5d014b05281982598fe352524b94d6a27231ef171b0292f6dd13233e7a7f156c35dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a91de68d6ad972547684a56c7b08b71f
SHA1 2927c8f8d5a4f88cdf891d35d2f9ecc3612b3419
SHA256 64b52782311ba6cf89e67f00b07e2774a9aa8fac4fcc4894fc81e0e5d4b4d886
SHA512 ad8513f5f4a23c33d02eb38b2e2362cbab667454072cc819abeb7484f57776974248e4fca60c8cebf3f01f562273dba4d995f66fd76261955b189a8e7c507259

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6426a71967fd1cc15c0172c5faff198c
SHA1 1584d1efb1ce7fcefa782c34d9f0369748f75664
SHA256 0fe10f213942fd90e459411b9c1147b8e39666aa18e78e5c4355cd6e1f60bf48
SHA512 a35b33ee3e9be4b6e8d20073d08607885e8160fb592e22b9fba72b86abbbe813c523395c7056e04e9b2adc8a7df664110feb248bd2a62a7b58f42be952cff6d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ae38334aafdd6def715b7d9a35f6dbd
SHA1 dbbf1ff721c958e1ed4d20881e2f27ad35748de8
SHA256 2e4e5ba7a11bc409a0468783650bccac8ee1c8500ebd8bf514aae54a0fe6f8b1
SHA512 74ffc751f698d57410829999b1cb22f2f76c4bf16bf55ab40f521315a388f519cb87e98f2a710d5389c078ba0685226df21eb65151a73da9d4f79d0cfdead513

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9d7bf515629656fa086b02d1f996a03
SHA1 6b4972363ecc4e236ca544721e26ba0ede6f5125
SHA256 0b7992f5fcc40bd0645747686ae09f99b8167e9f49ef9204b7d1e96230892873
SHA512 84342088b8faefad4bd9c9d90a3b2e2cbf2ecf68c2f5614a439558c679f4f86b13d0f02673b9f695430ad52620d1e49b9a28867da164ca9129656fa48ea29248

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ca1d3323fd1cb25b786e0674527fed6
SHA1 eabed4850d96228a999c47e35a0a139d9adb6596
SHA256 314762115f8e6064fed07d80b481c7bbcf9e93584d7dcf79b05022658a9a73f8
SHA512 42b944ad384b2f5d65bdcf7e6c428dae2869c8a66bec34c68845bd7d21dd2fdea52a4f10faa6c27d59f0cd5a87a57c9d2a0160be7aa507db5a659ce1908088a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7175bea8e31d8149b49888630b815b9a
SHA1 1caaf0cf5d7db4109b48e2a09f5acf0904979935
SHA256 3f6b8885886a210bbb215f715ba7e46b3ec7c690da5129ffbbe59038735cb5e5
SHA512 731e373377d72e9a72c3fbb436125fccefcd0d366dc7ef7ca29e33caa31dffbf956f887099d6c8c20b9c22592cde1aa6c04274c659ecb3bd10f542433a15ee7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01c5e328070c1c4b7e54aa52875441d9
SHA1 c8de26a4f11527e54ef3cd16029cf0fcf3fd3d17
SHA256 e06e4d1b2e801efe9c5168ff24f70bc16d9df28870a5c76c782d3a4fc5f76369
SHA512 93670f77a4a6e105e959a289efafa5d5581dfd2bdef5c8b32101933d05b033a93431dc0aa395bb892d8f5f468ca5477a775ad4bf1987f398ca5d6153f5fcbcab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c44b03bf5a84c32982f7c75b525fd28
SHA1 087935a79570f71793c088f8022908464ebf3258
SHA256 7a9fb5c679c9ccc9cea1a9616c9fc6b98b2061f3d9af5d0b1cf8485173099b50
SHA512 bda2f730270889ebdbb2601b18a1a618e3b16dc18590e2cdeea9cc54aeb6d75510f5117b048d79df52c070ca4e5c858b44d019b350d406e8aa7f8bf0b8fdcb11

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 01:11

Reported

2024-06-13 01:13

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

124s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a34eef585de492f96d2553f4c0202a17_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 404 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a34eef585de492f96d2553f4c0202a17_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e5e046f8,0x7ff9e5e04708,0x7ff9e5e04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11442058660443404692,1158694157248152522,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,11442058660443404692,1158694157248152522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,11442058660443404692,1158694157248152522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11442058660443404692,1158694157248152522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11442058660443404692,1158694157248152522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11442058660443404692,1158694157248152522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11442058660443404692,1158694157248152522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11442058660443404692,1158694157248152522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11442058660443404692,1158694157248152522,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11442058660443404692,1158694157248152522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11442058660443404692,1158694157248152522,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11442058660443404692,1158694157248152522,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4388 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 www.canadianhuntingdogs.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.canadianhuntingdogs.com udp
US 8.8.8.8:53 www.canadianhuntingdogs.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_404_RQRVXOYRHRVSBIBX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f781e9c3e98206697a61c4230027e580
SHA1 f41838d3cc9f0cd33d68d2f3790cb40a94b44e0d
SHA256 56e9eb8b2c7f8efaea04924524694f9cdb2f34217c806d5a9c924a57404467bb
SHA512 2bb2830e10d9cbb3a67a417fbe62d386eae553c7439c777c10d21e55ec28d033142b3cba1e4240b9ad63f6dea582977220e503b1f4f90974df2b5e2f79dadc85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7cf4c4fef65f8f4260938cafe1d6f1b0
SHA1 4ab404489c5127d1e095af53d20846ac2dd005d0
SHA256 bf2b75e5c721ffa63bc9bd70bac373f6babc00db65ef2f29488de06f3134c1f2
SHA512 941ddd021bb3ec1afdfbe47a2ad48e2a58ab24ad337e34ce45c567af8a1eff862bd3dbff109ff3f0b3335a65150bd0c2bd490a3791fa33e8074d9e1acd097013

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 93ed04c1b012794f33d16f87b5849e7d
SHA1 d2a0aea3f272048c5d8890b7a0a209c19bdbca41
SHA256 e78fa6632595b622955dc309043e0cad498dfd96d6ddbca933241651f3a3ab2c
SHA512 fe3aadb8da4c04961a5d5c783932fd4da614acab4cc0ff65b916ac9a14b5e63ae0013cfe55ee3ddf393a42e5336ee73e24b76b96fc6342a91a4329f5344cf56b