Malware Analysis Report

2025-04-14 03:17

Sample ID 240613-dez82ssbjb
Target a39a18cd62b6dc8ea7d8be173c6bfc9d_JaffaCakes118
SHA256 d4cdfbd5785b62177c013440b86391bbd8701e94c149f438190b323409e2709e
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

d4cdfbd5785b62177c013440b86391bbd8701e94c149f438190b323409e2709e

Threat Level: No (potentially) malicious behavior was detected

The file a39a18cd62b6dc8ea7d8be173c6bfc9d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 02:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 02:56

Reported

2024-06-13 02:58

Platform

win7-20240221-en

Max time kernel

141s

Max time network

142s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39a18cd62b6dc8ea7d8be173c6bfc9d_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{78C295D1-2930-11EF-8A7C-66DD11CD6629} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0353d4e3dbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424409231" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000704a58ae95b2174ca1b8777b979abd8d000000000200000000001066000000010000200000008526d936e6e222b6d6ce347fd3fdb5d460f40cea655df66456dec944bf40343c000000000e80000000020000200000003ffbdecdf4eee45803cc4f71f5c9063363a1acc664f2b2ebb4a34af590852a3f20000000fe82c9679719d0bd0480ca49408e1e295db13011e308a8b7d36101968441f4af4000000079f2a77481282f3138bcd76aeba2e2cdd242d1e690a3aa4feb20887a7c3c52602374a301f2f779e7d87c3270f30c7835488eb21c513ef4def69b0cf0493ad960 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000704a58ae95b2174ca1b8777b979abd8d00000000020000000000106600000001000020000000252a4e96ca62863a60e2ee51922a3c44006d532be5f539bff06c0dec0ba53b14000000000e80000000020000200000000954240b18b37138c3ee636ec559bb51d71fc6db942643e1bbc28b2115ab870290000000bd0c8929f6947587d6dfe9524c114d9924893966578e81425c92a367199ca8c0ce05d7bf980a1504cf6f48811afabfeffefdd42ac744e131f8f6a907f88b9932abe336499138fe5a8da1d48e353d39502010281b6dbe137ff2b8bce5077e667d19a45b839ff91e442cc9c3739d58c2e77ebc56a20101e03685ee357552d810e32742383b50c6a17d79f5159bb7c5e28740000000a275465eed9899623e25a4df0fc23d21e6a68b99216f13ed546946f6d63f583e167bf129a6e79dcf290fcc509f700c5232e8cde8b327fbf16cfc8656c6bb1cb6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39a18cd62b6dc8ea7d8be173c6bfc9d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.yaporn.club udp
US 8.8.8.8:53 vwijf.com udp
US 8.8.8.8:53 yaporn.club udp
US 104.18.10.96:443 vwijf.com tcp
US 104.18.10.96:443 vwijf.com tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.170:80 apps.identrust.com tcp
NL 23.63.101.170:80 apps.identrust.com tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 8.8.8.8:53 ww25.yaporn.club udp
US 199.59.243.226:80 ww25.yaporn.club tcp
US 199.59.243.226:80 ww25.yaporn.club tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabE93.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\TarEA6.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarF88.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e928aaaba4ce452fb927c66d0f4c885f
SHA1 73ff867875e5b2e2d35dcbcb6f6d4906641a2116
SHA256 080bbd4249704d636a9a96b95e8d13ddd92232405e996b239d804b1cc37cf31f
SHA512 ba649998b413d186233718ecc77bd5e24ee344aab531897968279be1d690f6f345f45413f5f045318aa1c5e8c6d44b758f2279dd282903798e8672edf3ebfc2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 c09d96399a4bce5edfadc6f883ef951c
SHA1 68800d268f18bc4518e2dae1d40e45274e0e7481
SHA256 15d2ef086478d4a1012c5f171e5cc7ecb2413c18d7318cfd31127d31a6f06037
SHA512 7aeefaacfe21873151d9e550a44260cf0734f0269ea0eb5ed97bb8654d7855fef5588fa46c7d27eeda9ba76a45492f75fe76c7cedd992830b5424a41f63b72aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 822467b728b7a66b081c91795373789a
SHA1 d8f2f02e1eef62485a9feffd59ce837511749865
SHA256 af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9
SHA512 bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e39b4aabd36dd9192a37d48a851898cf
SHA1 e62f81fd52d00e17409813cf3cc80b7b6cb46535
SHA256 e2268c7bfda7203aaf04a30f8e57954ac45ba10ebbc06c5b86154b0f931fdb26
SHA512 a2bc72efdc0b4555560f330f05ed91544b18258f1e81780ca76b48d2b343a7735258e814d74d21a6de283d89fb660c2dcd1e5a9667def3883364db1b83d9dafd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CEC5B0E4CCB695208492C64784C4129A

MD5 f7770117dbd684837a9aa2f48dea2dfd
SHA1 0ab4f6e41d245feee125b3abeeb86642b4524741
SHA256 ad54a65debae5a2820ec8272ece415e80be5a53531adb000c36c30ffc8f6df00
SHA512 8bd6f9de8bb50a32598f8d28754e18aaa3e65083e10350994d858c78b4ed190aaf31909ef3c24a8fe0bb57858b642d2251e61a2e6b9c50eb639f945928d58654

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CEC5B0E4CCB695208492C64784C4129A

MD5 d4e4572b54a321affcac4c8d9b2fca57
SHA1 bc8ea90657ace88d6cd0f93df5b63aa8a4330e50
SHA256 f4d2bf6f726c0cc54d18dfe83f0d594b97ab4ca756bacde6a3e26b0c3260b777
SHA512 36a70dbbda1db8f46b7c6e96108d4368f512d87780c71cf5fd2b38a20b6008fedff9504b11b59ee29a51461d66e211f2e0763f3c7c28c2557226acc28c3d80f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbf270966e6fa7b7a7e7528a17f984d9
SHA1 ea6e48b66eab7bba77434d950e5fa9b3e1574d95
SHA256 641a89dd50cd4e965497b52c79775c957779f0d7a629f429c8ce3341d9dbc8e3
SHA512 60289fc2eccba9a1d0705f8c8d860f1102b236a88073a41e38a5ee20942f4923bcb6203d8eb3dcf5cba3276496cb04028fd27d319a694bc58856e6e3625986be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 456f2923f49e9926c5927755530343bc
SHA1 f1078a0320f5e6da160266b99093bdff48f0632c
SHA256 785e1b66e752096919741c11ac69cda457fc44cf3c26de12685813ed103c8e81
SHA512 70fda13e6f440b2bb29073a1dd37bf482f108dfd18a3b1d3cfff44e0d9d12a3d6d83f2622dfe63a5a2fcbda3284137eb93ba952b5ef3bc48c59f8c42da0bb009

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aeb490f2b757d186005f551dad992f2b
SHA1 7c6780403e82ead0e7c668575dbb5a614df8bd40
SHA256 8bd25e5aba52fcdc30c3e2dd217ab3c0d4905e263f99048331ab1eb61fe13b25
SHA512 05663e2286e775abb189384ee6bf67ece41cdb77efbe99e14e4d14a5527d307ed972f595c484816a14d907d93ef66bbae6d202ac72238465ed1a53a43a13561a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3677cfea5e8ff92ffde77956624ff421
SHA1 81afad367bbc305f0ae2497635bbf73b24810bee
SHA256 ce501411cafda648792877107fc36aefe6c65858d1ee10524c0d5dad0ebf28ec
SHA512 f8aff3ddb82cfef7869bbace5217977f59980766e38b1e47d43b96724b169a62aba70615767d385e2a6a2e3a1980da56fa8eb67c9a077160cf236b31b4094d2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 271e1e10850ea31e32f8850469b66114
SHA1 fc70d7835d00b3c5cd6b612a83d9cc070cb41fc1
SHA256 1a3d27be3cecad099be4a31196f5decf6497c72739989db6319588cdde5d2b38
SHA512 135db11d6b2115885c94f75121209c8eba875fcd1540030726d9515e528123d2e849844575dae744220e2c5a4f309fe5ec1ad839fbdbc35b0cf8127797da8bbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05e18809096634132d12af102aa37e14
SHA1 fd2d8a3edfab93351da7669cc2a299e22212a038
SHA256 a927411e7db9ac8f59174c7fc540c930a6a1c49ff7030e204d840e4f9e969c4a
SHA512 3f8aae9effc9e4b9d9397a3feb8a0b5065a7e5fb4ba8293c6ab282b5c83528978faf034b5d982b47e9095657f15ef32b992d88b82221986ae2f0bd7ae896d748

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d137db9121402649d84e7ee800ab0eb
SHA1 14fe541eed40cb6794b93d80f696722b16727aec
SHA256 153cab1cc6a1fb5d7806cddca9a0ceddac8215bd4612e09b3f52443789518b2e
SHA512 0599cb1000d1f8c23a24b95a665d70ded6ed358ce66f21caa44b179711d47037e98cd83b2ae39db5b8ef813c2707d3f5882fd703d17b4dd2b913b65f6aab43ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5e7b174a674621bfb7181d8045c01ff
SHA1 83200fe7558582fca07de64e8ff80f52b808226c
SHA256 fc07810a6e5e2bf446543900a252144d8e9b1346c0074db4ef70eda50e9660f9
SHA512 fb5dfc147ba4e4ecd4fbe90ff1bdd03b85eef42a714f3d8935bbe09cb8458c33f5caec001829241634be131c8a526b1460c09c85c91bfb5d6ee855c56d74fd38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f05942aa78a23772581b1dea34820f7
SHA1 39f68b7dc3e37cedee32e70edd96b1bc3a30ccaa
SHA256 ff22b887b3ddbc32905d1754dfdc4a042952739e1ed56756e18e4ad325c25927
SHA512 4aaf45e14274a836a86b9d19c53453b23d7f4010228aecae53f4647b6ebdfd50637d45d642378927985849e92a5265340bb73b36bd778c777745170d9ba13782

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd4a79c399f91faf3b98923d5b24ed83
SHA1 64e6292510d5423f86227debc6a5cb834d4efad8
SHA256 4677daec538e7b1e4de953aab2061066879a6f735e1523ce421496adde4b7de6
SHA512 2916108ffb78f8898a26f585922c9a6dd5801054328b9a7281780cb5c194376c9f62ba7b01f0d766a3de024f8ae6a47a0fe1e8e293d91f03b3b65215a133cae6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07138e741db5b32a36750390cda20de6
SHA1 7591552679816e5daab18794779666921961cef6
SHA256 200ed817533dfd43c22ae487419c8fd7d33fdb2c5042d7461d9d0401adb565b1
SHA512 72da564bad87c5cfda1d1cf10823c52558940d7acab42599b4d97fe5270bbd20179f01c3fd9f2f8698bb73e0cc102b8bd476fb7bb6e293fef888274f748559f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edea9ab188e8d6727ea7a6fdc81aa6f7
SHA1 082084a0b224cd33f610eefbb58c3ff5cc9f9acc
SHA256 bd02a466e2ccc063ed9d0b5f34d551c0c34a286df1710f84fdd80296354b3fa3
SHA512 d34ea1ae1ea3f5f5bcaf99dd162543334eacf13cbfb3e8a4b96bd93e697bde66daa5d605363e5f5aeb0636aad38e7aca80bfca25103fe67a47d7489a03d98a86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 3ad651df3f1a65107088990364c93459
SHA1 812b20fa25be33026be3865b3cbbd7c4848e6ff4
SHA256 bd0a35d2d196c431de315ccfb50c4f5a61741af23ac790a06749346113d2706e
SHA512 9faeecc8eab9f3a6c7bd5062941c7ce8de4b88b6d06cad2c46a539fee8d57df90643dd8442378535cdb95aa60a5cb011a24a2c35ffa80f013c2b637e11ceebf9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58937666aaa2234c3f4fe91319ba4778
SHA1 30e5f97744b57dedaff9907322fded93b1eeb853
SHA256 8eb69137cff2663213247a383fb070188e2ced8df262573522974b816802b18d
SHA512 e1f83ca5950b12b3a920ce6273f7f8025e3b5a675a5c052159ab19a349d43b806ccabee5a94337234e7eaabe600550bd18b6874ca31b9001a0e55296e5f63616

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93332abe850c1e6d3b802d2351a3d749
SHA1 c8cb84466dfff328169b9d4acf0ba4920f003044
SHA256 1919609d9fb4b8ff1f73ce17b73695755d74f680cbd38b911988337f26683dee
SHA512 9cb4e5daf0dccfa57cffd17176dbfde7c7f6931ef48940404644a8449d07810c0109a76c51f98c395bc64c7a472dff353ea4928d8b3c9141a7e845ad3979c888

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 880a2d81e8aeac9507ede981e208673c
SHA1 19fcc1a1e09c8b61afdc0ce248fc994f0bf704fb
SHA256 aed3b9918a699f069331a195cc0d227862afff3ec146634873c39db9eff73122
SHA512 ff0a35b3992e9986c7a57b01dfde91bafeb88070bd4c84864fc319cc2d76f8b318787fb7f018619f3aa81a7b359cc9ae1612636c6c737704e3f49d834c74df4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32ef7d71c0a77d37a41bf5451ce621b2
SHA1 dda40ce6ca6bd0ee543f200eed0d348d83c3685f
SHA256 6d1599d2938e8712ee55fda2e9b8971703e33beba4b2eb80f221d72c139c8938
SHA512 da2737d8d7b4e3943dd4ae1fc966dd4c7b62be0548dda8ba3e2c84990c91c82fe5289f99a348425fcaa31349943853a195099a06860d9d301cf03c372fda1e2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 486db924679a4429de68c2a2fa3c4009
SHA1 ffcb9831abe5c0876c5a83905220d8b2045cc8d5
SHA256 1eb43e52d94cca8f010c0ad0f25b62b38c092ebc641abfbc3f27b3cb284ddf37
SHA512 9e42a11c0d8311561724f9b3e75644472d4be2c69a84f79ecd599a5d7f73608e38d5aff2ebb5dcf2ecec1d7871d456952bb4298b84ab4e16b439132b9cd18b15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae213869f1028fc94734b2f29448bb22
SHA1 a2e46e5d6d0b0a691872965f8b804d9929706afe
SHA256 528408d156e747dc6465c49c4b9fd813526064d5990c079881d51b9b0d3b4312
SHA512 6f0d75067e3e2f18ff9f6027e9e7f37ad7f7d013794f698654215eaab830eff7bc06743f7b69710f523fc6d2c3d5dace3e6710220cd75897b0cd4b17d6b02ff6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 adfbd78b595a92e225e5cf4fcf858df1
SHA1 676260d00f8ce56bcda47bd3e1c46d4928c44b6c
SHA256 b2b4d3b179bfcd11f3e724a2b4b93719d86b763dfe390613254c45a2682e611f
SHA512 a79d6a2e5c23c9420cfa3a1f302f41ea3bd8187b00f172012078d6cb4aa4f269ab37c896495e66565848ebc4265d12d5d153a53f47a16968a4b8cc40b3aedeb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3d4bebe70efed904499320b991e4793
SHA1 696ba81951fb599efeec51a165110abe7924cac4
SHA256 a9d8bfe77105f2df7a500da7dbd051ffcf1435e9619f1c1868550f4036fd2d58
SHA512 df7de6d7b1f16b33ac6d4a82c918c8b6607a100e9eacf33f0b0ce4b61fa553e94908c1f76b30d6fcffbf3631d4cf1f15e8e14ec1e97af1bf5472e44d19c9c5a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb54eb5b3cc89cfc6d33b41cfd82e8a3
SHA1 7204104b8b0614063f9ffe3e8292c3873a8b0576
SHA256 5d5a9adfd5b6ae850faa80cf53aa7eb4478f28ff8580fc72e676f871153f7759
SHA512 8627ab1d8a5b338f871ef731fdf45f567abccca5b019c9d1d157407aba8dd9973377165936ae41f71969ae048add3911a3d5186037f19ad3700a44e58bc0c93b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59af1cd6bbd0e93388c2a47c9d8262b6
SHA1 ba82cad6f44eec0d3f11de9219a702c3589bec93
SHA256 ad4a917a1ade3e819275a15d594ffdd505f262428f8f4ba72b095c818eae748f
SHA512 62661aba0d7ed9b7459a4e526b8de3daa962eacca921403faa1e60fcb8bcd650463f64a166925ca3f3e0e28deb42f4a2b34a14302d5952928a01b44352bb4b89

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 02:56

Reported

2024-06-13 02:58

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39a18cd62b6dc8ea7d8be173c6bfc9d_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1748 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 4348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 4348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1748 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39a18cd62b6dc8ea7d8be173c6bfc9d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc47d446f8,0x7ffc47d44708,0x7ffc47d44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.yaporn.club udp
US 8.8.8.8:53 yaporn.club udp
US 8.8.8.8:53 vwijf.com udp
US 104.18.10.96:443 vwijf.com tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 8.8.8.8:53 apps.identrust.com udp
US 103.224.212.210:443 yaporn.club tcp
NL 23.63.101.170:80 apps.identrust.com tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 96.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 8.8.8.8:53 ww25.yaporn.club udp
US 199.59.243.226:80 ww25.yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 210.212.224.103.in-addr.arpa udp
US 8.8.8.8:53 170.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 226.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b704c9ca0493bd4548ac9c69dc4a4f27
SHA1 a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA256 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA512 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

\??\pipe\LOCAL\crashpad_1748_IEAMAKFWPJGRXATW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 477462b6ad8eaaf8d38f5e3a4daf17b0
SHA1 86174e670c44767c08a39cc2a53c09c318326201
SHA256 e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512 a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c594393cd113bb2687ac8efa54f78d0c
SHA1 b1375e63656bbb105a63834643ac3ce0543ccb31
SHA256 fe7e3cdc331db7247ea57314d1bc11db5cf45e8f774d6218b90ada866d421af3
SHA512 f40e3c5e6e21b834af922cbe2629069531e3c8dac58865ef50c08f3827605eca1c131494e6d41610fb391aec36c958f8ea12b6d3d6ac1fb9cd6f1704e6784554

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c2d049cfb8d44b0519bcd421afdffd16
SHA1 b166832d209c75b34f3c1cf293c60dd4c636a84a
SHA256 4952d46e420eac8207369112d624816445adc6cc7366064ede1c718a41c80564
SHA512 cbfbc4d9f3f0423a91138431dff1d6f7ec6598ff917bc42b6959599aeaae01eb5d42bb0711e5db251f9c5cfeeef501c66e3c1b87a44243d0781017aeaf40f2be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6b3a4201929f3203e86179e509681b95
SHA1 94e597b5eb14506aa4b9a0f4b21d4b196842313e
SHA256 729e3223ac67bd8d101e7da7f130264c8fcb40d9ce22f9b937ed220a2e9e20a5
SHA512 d506a76128f551e63b648f71992bf12684d3148559c29f1030f3b3e00c4ccf563e6777664f6a7379245f55153fd6cf88b7e73064dd9f903c31c33adb39c85de8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 af208c6bb14127eea0541bed38bd0a06
SHA1 c5f4da6f0726b3f85cd81f2b4ec5aade4915baa9
SHA256 fdc65b15d14ebfe8c39ae462afbdd24f95e471d3d72c93e1bd71b64dc5c46c42
SHA512 d6fa99f77819d99a717d9a107004562136d4fe4cb5e3f045c317a87419e93be2b4f630f53165d3ea508cf18eed04a88fa527cb78bb82f71bd3740e1e032b7727